KR100746892B1 - Information recording/reproducing apparatus and method - Google Patents

Abstract

The key distribution structure of the tree structure transmits the update of the master key and the media key together with the key update block KRB. KRB is a configuration in which a leaf key and a limited node key are held in a device forming a leaf of a tree. The KRB generates and distributes a specific key update block KRB to a group specified by a specific node, and defines an updateable device. Can be. Devices that do not belong to the group cannot be decrypted and the security of key distribution is secured. In particular, in a system using a master key for generation management, a configuration for distributing an update master key by KRB is realized.

Hierarchical tree structure, node key, leaf key, data for encryption key generation, key update block

Description

Information recording / playback apparatus and method {INFORMATION RECORDING / REPRODUCING APPARATUS AND METHOD}

The present invention relates to an information recording apparatus, an information reproducing apparatus, an information recording method, an information reproducing method, and an information recording medium, and a program providing medium. In particular, by using a hierarchical key distribution method having a tree structure, the amount of messages can be reduced. Thus, a configuration is provided that makes it possible to reduce the load on data distribution in key update such as a master key or a media key. Specifically, a key necessary for recording of content data to or from the recording medium via a recording medium or a communication line, using a key distribution method in which each recording and reproducing apparatus is arranged on each leaf of an n-minute tree. An information recording apparatus, an information reproducing apparatus, an information recording method, an information reproducing method, and an information recording medium, each of which is configured to distribute (master key or media key) and to use each device to record and reproduce content data; and A program providing medium.

BACKGROUND With the development and development of digital signal processing technology, in recent years, recording apparatuses and recording media for digitally recording information have become popular. According to such a digital recording device and a recording medium, for example, recording and reproduction can be repeated without degrading an image or an audio. In this way, digital data can be copied repeatedly any number of times while maintaining the image quality and sound quality. Therefore, when a recording medium copying is illegally distributed to the market, the copyright holder or legitimate distributor of various contents such as music and movies It will harm your back. Recently, in order to prevent such illegal copying of digital data, various structures (systems) for preventing illegal copying have been introduced into digital recording devices and recording media.

For example, in the MD (mini disk: MD is a trademark) apparatus, SCMS (Serial Copy Management System) is adopted as a method of preventing illegal copying. The SCMS outputs the SCMS signal together with the audio data on the data reproduction side from the digital interface (DIF), and controls the recording of the audio data from the reproduction side on the data recording side based on the SCMS signal from the reproduction side. The system prevents copying.

Specifically, the SCMS signal is whether the audio data is copy free data that is allowed to be copied any number of times, is copy once allowed data, or is copy prohibited data. Is a signal representing. When audio data is received from the DIF on the data recording side, the SCMS signal transmitted together with the audio data is detected. When the SCMS signal is copy free, audio data is recorded together with the SCMS signal on the mini disk. In addition, when the SCMS signal is allowed to copy once, the SCMS signal is changed to copy prohibited and recorded on the mini disk together with the audio data. In addition, when the SCMS signal is copy prohibited, audio data is not recorded. By performing such control using the SCMS, the mini-disc device prevents illegal audio data from being copied illegally by the SCMS.

However, since the SCMS assumes that the apparatus itself for recording data has a configuration for controlling the recording of audio data from the reproduction side based on the SCMS signal as described above, the SCMS has a configuration for executing control of the SCMS. It is difficult to cope with the case where a mini disk device which is not provided is manufactured. Thus, for example, in a DVD player, a content scramble system is employed to prevent illegal copying of copyrighted data.

In a content scramble system, video data and audio data are encrypted and recorded in a DVD-ROM (Read Only Memory), and a key (decryption key) used to decrypt the encrypted data is given to a licensed DVD player. A license is given to a DVD player designed to comply with certain operating rules, such as not making illegal copies. Therefore, in the licensed DVD player, the image and audio can be reproduced from the DVD-ROM by decrypting the encrypted data recorded on the DVD-ROM using the provided key.

On the other hand, since a DVD player without a license does not have a key for decrypting encrypted data, it is not possible to decrypt encrypted data recorded on a DVD-ROM. As described above, in the content scramble system configuration, a DVD player that does not meet the conditions required at the time of license cannot play a DVD-ROM in which digital data is recorded, thereby preventing unauthorized copying.

However, the content scramble system employed in the DVD-ROM is directed to a recording medium (hereinafter, appropriately referred to as a ROM medium) in which data cannot be written by a user, and a recording medium capable of writing data by a user ( In the following, the application to the RAM media as appropriate) is not considered.

In other words, even if the data recorded on the ROM media is encrypted, if the encrypted data is copied to the RAM media as it is, the so-called pirated edition can be created which can be reproduced on a licensed and legitimate device.

Therefore, in the foregoing patent application, Japanese Patent Laid-Open No. 11-224461 (Japanese Patent Application Laid-open No. Hei 10-25310), the present applicant describes information (hereinafter, referred to as medium identification information) for identifying individual recording media with other data. On the condition that the device is recorded on the recording medium together with a license of the medium identification information, a configuration is provided in which the recording medium can be accessed only when the condition is satisfied.

In this method, the data on the recording medium is encrypted with the medium identification information and the secret key (master key) obtained by obtaining a license, and thus, even if an unlicensed device reads the encrypted data, meaningful data cannot be obtained. have. In addition, when the device receives a license, its operation is defined so that illegal copying (illegal copying) cannot be performed.

An unlicensed device cannot access the media identification information, and since the media identification information is an individual value for each medium, the unlicensed device can access all of the encrypted data recorded on the recording medium. Even if a copy is made on a new recording medium, data recorded on the recording medium thus produced cannot be correctly decrypted by a licensed device as well as a device that is not licensed, thereby effectively preventing illegal copying.

By the way, in the above structure, the master key stored in the licensed device is common to all the devices. This is because storing the common master key for a plurality of devices is a necessary condition for enabling the medium recorded by one device to be reproduced by another device (to ensure mutual connectivity).

However, in this system, when an attacker succeeds in attacking a single device and extracts a master key, all the systems are able to decrypt the encrypted and recorded data and the whole system is destroyed. In order to prevent this, when any device is attacked and it is discovered that the master key is exposed, it is necessary to update the master key with a new one and provide a newly updated master key to all devices other than the attacked device. The simplest way to realize this configuration is to provide a unique key (device key) for each device, prepare a value encrypted by the new master key with each device key, and send it to the device via a recording medium. Although considered, there is a problem that the total amount of messages to be transmitted increases in proportion to the number of devices.

An object of the present invention is to solve the above-described problem, and by using a hierarchical key distribution method of a tree structure, a configuration that makes it possible to reduce the message amount to be small and to reduce the load of distribution of a new update key is achieved. to provide. That is, a key required for recording of content data to or from the recording medium via a recording medium or a communication line using a key distribution method in which each device is arranged in each leaf of the n-minute tree (master key Or an information recording device, an information reproducing device, an information recording method, an information reproducing method, and an information recording medium, and a program providing medium. The purpose is to provide.

In a first aspect of the present invention, in an information recording apparatus for recording information on a recording medium, a node key unique to each node constituting a hierarchical tree structure with a plurality of different information recording apparatus as a leaf, and a unique key for each information recording apparatus And encryption processing means for holding a leaf key and executing encryption processing of the stored data on the recording medium, wherein the encryption processing means generates an encryption key based on data for encryption key generation built into the information recording apparatus. And an encryption process for data stored in the recording medium, wherein the encryption key generation data is configured as data which can be updated using at least one of the node key and leaf key. Is in the device.

Further, in one embodiment of the information recording apparatus of the present invention, the encryption key generation data is a master key common to a plurality of information recording apparatuses.                 

Further, in one embodiment of the information recording apparatus of the present invention, the encryption key generation data is a media key unique to a specific recording medium.

In an embodiment of the information recording apparatus of the present invention, the node key is configured as an updateable key, and in the update process, the update node key includes a key including at least one of a node key and a leaf key of a lower layer. Distributes the key update block KRB encrypted by means of the information recording apparatus of the leaf to be updated, wherein the encryption processing means in the information recording apparatus encrypts the encryption key generating data encrypted with the update node key. Receiving the update data, and acquiring the update node key by encryption processing of a key update block KRB, and calculating update data of the encryption key generation data based on the obtained update node key. It is characterized by having.

Further, in one embodiment of the information recording apparatus of the present invention, the key update block KRB is stored in a recording medium, and the encryption processing means encrypts the key update block KRB read from the recording medium. Characterized in that the configuration to run.

In one embodiment of the information recording apparatus of the present invention, the encryption key generation data has a configuration in which a generation number as update information is associated, and the encryption processing unit is used when storing encrypted data for the recording medium. And a generation number for storing the encryption key generation data on the recording medium as a generation number.

Furthermore, in one embodiment of the information recording apparatus of the present invention, a first encryption key of stored data for the recording medium is generated based on the first encryption key generation data, and the encryption is based on the first encryption key. A data encryption process of unlimited playback apparatus for storing the first encryption key generation data on the recording medium, while executing a process for the stored data; and for generating a second encryption key embedded in the information recording apparatus. Configured to selectively execute a data encryption process with a playback device restriction that generates a second encryption key of the stored data for the recording medium based on the data and performs the encryption process based on the second encryption key on the stored data. Characterized in having a.

Further, in one embodiment of the information recording apparatus of the present invention, the encryption processing means includes a generation-managed master key stored in the information recording apparatus and a recording medium identifier unique to the recording medium in the encryption processing without limitation of the reproduction apparatus. A title unique key is generated based on a disc ID, a title key unique to data to be recorded on the recording medium, and a device ID which is an identifier of an information recording apparatus, and the first encryption key is generated based on the title unique key. In the encryption processing with the reproduction device limitation, a generation-managed master key stored in the information recording apparatus, a disc ID which is a recording medium identifier unique to a recording medium, and a title key unique to data to be recorded on the recording medium. And a title unique key based on the device unique key which is a unique key of the information recording apparatus, and generates the title unique key. The second encryption key is generated based on a key.

Furthermore, in one embodiment of the information recording apparatus of the present invention, the apparatus comprises: transport stream processing means for adding reception time information (ATS) to each packet constituting a transport stream consisting of intermittent transport packets; The encryption processing means has a configuration of generating a block key as an encryption key for block data composed of one or more packets to which the reception time information ATS has been added, and in the encryption processing of stored data for the recording medium, the encryption key. And a block key as an encryption key on the basis of the data including the block seed which is additional information unique to the block data including the generation data and the reception time information ATS.

Further, in one embodiment of the information recording apparatus of the present invention, the encryption processing means is configured to perform encryption processing of stored data on the recording medium according to a DES algorithm.

In addition, in one embodiment of the information recording apparatus of the present invention, there is provided an interface means for receiving information to be recorded on a recording medium, the interface means being included in each packet included in a transport stream constituting data. It is characterized by having a structure for identifying the added copy control information and controlling the execution of recording on the recording medium based on the copy control information.

In addition, in one embodiment of the information recording apparatus of the present invention, there is provided an interface means for receiving information to be recorded on a recording medium, the interface means having two bits of EMI as copy control information for controlling copying. (Encryption Mode Indicator), and characterized in that it has a configuration of controlling whether or not to execute recording on the recording medium based on the EMI.

In addition, a second aspect of the present invention provides a node key unique to each node constituting a hierarchical tree structure having a plurality of different information reproducing apparatus as a leaf in an information reproducing apparatus for reproducing information from a recording medium, and unique to each information reproducing apparatus. And encryption processing means for holding a leaf key of said data and performing decryption processing of the encryption data stored in the recording medium, said encryption processing means generating a decryption key based on the decryption key generation data built into said information recording apparatus. And decrypts encrypted data stored in the recording medium, wherein the decryption key generation data is configured as data which can be updated using at least one of the node key and leaf key. Is in the playback device.

Further, in one embodiment of the information reproducing apparatus of the present invention, the decryption key generating data is a master key common to a plurality of information recording apparatuses.

Further, in one embodiment of the information reproducing apparatus of the present invention, the decryption key generation data is a media key unique to a specific recording medium.

Further, in one embodiment of the information reproducing apparatus of the present invention, the node key is configured as an updateable key, and in the update process, the update node key includes a key including at least one of a node key and a leaf key of a lower layer. Distributed to the information reproducing apparatus of the leaf to be updated, wherein the encryption processing means in the information recording apparatus is the decryption key generation data encrypted by the update node key. Receive the update data, and obtain the update node key by encryption processing of a key update block (KRB), and calculate update data of the decryption key generation data based on the obtained update node key. It is characterized by having.

Further, in one embodiment of the information reproducing apparatus of the present invention, the key update block KRB is stored in a recording medium, and the encryption processing means encrypts the key update block KRB read from the recording medium. Characterized in that the configuration to run.

Further, in one embodiment of the information reproducing apparatus of the present invention, the decryption key generation data has a configuration in which a generation number as update information is associated, and the encryption processing section is adapted to decrypt the encrypted data from the recording medium. Wherein the generation number of the encryption key generation data used in the encryption processing of the encrypted data is read from the recording medium, and a decryption key is generated using the decryption key generation data corresponding to the read generation number. do.

Further, in an embodiment of the information reproducing apparatus of the present invention, a first decryption key for encrypted data stored in the recording medium is generated based on the first decryption key generation data stored in the recording medium, and the first decryption key is generated. A data decoding process of unlimited reproduction apparatus which executes a key-based decoding process on the encrypted data, and an encryption data stored on the recording medium on the basis of the second decryption key generation data built into the information recording apparatus. And a data decryption process with a playback device limitation for generating a decryption key and performing a decryption process based on the second decryption key on the encrypted data.

Further, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means acquires a generation-managed master key stored in the information recording apparatus from the recording medium in the decoding processing without limitation of the reproducing apparatus. Obtaining a disc ID which is a recording medium unique to a recording medium, a title key which is unique to the data to be decrypted, and a device ID which is an identifier of a device ID information recording apparatus which is an identifier of an information recording apparatus on which encrypted data is recorded; A title unique key is generated based on the disc ID, the title key, and the device ID, the first decoding key is generated based on the title unique key, and stored in the information recording apparatus in the decoding process with the reproduction device limitation. A generation-managed master key and a device unique key, which is a unique key of the information recording device stored in the information recording device. In addition, a disc ID, which is a recording medium identifier unique to the recording medium, and a title key unique to the data to be decoded are obtained from the recording medium, and the title is unique based on the master key, disc ID, title key, and device unique key. A key is generated, and the second decryption key is generated based on the title unique key.

Further, in one embodiment of the information reproducing apparatus of the present invention, data output control is performed based on reception time information (ATS) added to each of a plurality of transport packets constituting the decoded block data in the encryption processing means. And a transport stream processing means for executing, wherein said encryption processing means has a structure for generating a block key as a decryption key for block data consisting of one or more packets to which said reception time information (ATS) is added, and said recording medium. In the decryption processing of the encrypted data stored in the control unit, a block key as a decryption key is generated on the basis of the data including the block seed which is additional information unique to the block data including the decryption key generation data and the received time information (ATS). It is characterized by having a configuration.

Further, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means is configured to perform decryption processing of encrypted data stored in the recording medium according to a DES algorithm.

Furthermore, in one embodiment of the information reproducing apparatus of the present invention, the information reproducing apparatus includes interface means for receiving information to be recorded on a recording medium, and the interface means is provided to a transport stream constituting data. And copy control information added to each packet included, and control whether or not reproduction is executed from the recording medium based on the copy control information.

In addition, in one embodiment of the information reproducing apparatus of the present invention, there is provided an interface means for receiving information to be recorded on a recording medium, the interface means having two bits as copy control information for controlling copying. And an encryption mode indicator (EMI) and controls whether or not reproduction is performed from the recording medium based on the EMI.

Further, a third aspect of the present invention is an information recording method for recording information on a recording medium, comprising: a unique node key and each information recording for each node constituting a hierarchical tree structure having a plurality of different information recording apparatus as a leaf An update step of performing an update process of data for encryption key generation for generating an encryption key for executing an encryption process of stored data for a recording medium using at least one of the device-specific leaf keys; and in the update step, And an encryption processing step of generating an encryption key based on the updated encryption key generation data and executing encryption processing of the data stored in the recording medium.

In one embodiment of the information recording method of the present invention, the encryption key generation data is a master key common to a plurality of information recording apparatuses.

Further, in one embodiment of the information recording method of the present invention, the encryption key generation data is characterized by being a media key unique to a specific recording medium.

Further, in one embodiment of the information recording method of the present invention, the node key is configured as an updatable key, and in the update process, the update node key includes at least one of a node key and a leaf key of a lower layer. Distributes the key update block KRB encrypted by means of the information recording apparatus of the leaf to be updated, wherein the update step includes: an update for acquiring the update node key by encryption processing of the key update block KRB; And an update data acquisition step of calculating update data of the encryption key generation data based on the node key acquisition step and the obtained update node key.

Further, in one embodiment of the information recording method of the present invention, the encryption key generation data has a configuration in which a generation number as update information is associated, and the encryption processing step is further performed at the time of storing encrypted data for the recording medium. And storing the used generation number of the encryption key generation data on the recording medium as a generation number at the time of recording.

Further, in one embodiment of the information recording method of the present invention, the encrypting step generates a first encryption key of the storage data for the recording medium based on the first encryption key generation data, and generates the first encryption key. Based on the stored data, data encryption processing of unlimited playback apparatus for storing the first encryption key generation data on the recording medium, and second encryption embedded in the information recording apparatus. Based on the key generation data, a data encryption process with limited playback apparatus for generating a second encryption key of the stored data for the recording medium and executing encryption processing based on the second encryption key on the stored data is optional. It is characterized in that the execution.

Further, in one embodiment of the information recording method of the present invention, the encryption processing step includes a generation-managed master key stored in an information recording apparatus and a recording medium identifier unique to a recording medium in the encryption processing without limitation of the reproduction apparatus. A title unique key is generated based on the in-disk ID, a title key unique to data to be recorded on the recording medium, and a device ID which is an identifier of the information recording apparatus, and based on the title unique key, the first encryption key. In the encryption processing with the playback device limitation, the generation-managed master key stored in the information recording apparatus, a disc ID which is a recording medium identifier unique to a recording medium, and a title key unique to data to be recorded on the recording medium. And a title unique key based on the device unique key which is a unique key of the information recording apparatus. On the basis of the key features is configured to generate the second encryption key.

Furthermore, in one embodiment of the information recording method of the present invention, a transport stream processing step of adding reception time information (ATS) to each packet constituting a transport stream consisting of intermittent transport packets is provided. In the encryption processing step, a block key is generated as an encryption key for block data composed of one or more packets to which the reception time information ATS is added, and the encryption key generation data is used for encrypting stored data for the recording medium. And a block key as an encryption key based on the data including the block seed which is additional information unique to the block data including the reception time information ATS.

Further, in one embodiment of the information recording method of the present invention, the encryption processing step is characterized in that the encryption processing of the stored data for the recording medium is performed according to a DES algorithm.

Furthermore, in one embodiment of the information recording method of the present invention, copy control information added to each packet included in the transport stream constituting the data is identified, and recording is performed on the recording medium based on the copy control information. It is characterized by controlling the availability.

Further, in one embodiment of the information recording method of the present invention, two bits of an encryption mode indicator (EMI) as copy control information for controlling copying are identified, and the execution of recording on the recording medium is allowed based on the EMI. It characterized in that to control.

Further, a fourth aspect of the present invention is an information reproducing method for reproducing information from a recording medium, wherein a node key unique to each node constituting a hierarchical tree structure having a plurality of different information reproducing apparatus as a leaf and each information reproducing apparatus are provided. An update step of performing update processing of decryption key generation data for generating a decryption key for executing decryption processing of encrypted data stored in the recording medium using at least one of the unique leaf keys; and updating in the update step. And a decryption processing step of generating a decryption key based on the decrypted key generation data and performing a decryption process on the encrypted data stored in the recording medium.

In one embodiment of the information reproducing method of the present invention, the decryption key generation data is a master key common to a plurality of information recording apparatuses.

Further, in one embodiment of the information reproducing method of the present invention, the decryption key generation data is a media key unique to a specific recording medium.

In an embodiment of the information reproducing method of the present invention, the node key is configured as an updateable key, and in the update process, the update node key includes a key including at least one of a node key and a leaf key of a lower layer. Distributes the key update block KRB encrypted by the above information to the information reproducing apparatus of the leaf to be updated, wherein the updating step includes: an update for acquiring the update node key by encryption processing of the key update block KRB; And an update data acquisition step of calculating update data of the decryption key generation data based on the node key acquisition step and the acquired update node key.

Further, in one embodiment of the information reproducing method of the present invention, the decryption key generation data has a configuration in which a generation number as update information is associated, and the decryption processing step is performed at the time of decrypting the encrypted data from the recording medium. Characterized in that the generation number of the encryption key generation data used in the encryption processing of the encrypted data is read from the recording medium, and a decryption key is generated using the decryption key generation data corresponding to the read generation number. .

Further, in an embodiment of the information reproducing method of the present invention, a first decryption key for encrypted data stored in the recording medium is generated based on the first decryption key generation data stored in the recording medium, and the first decryption key is generated. A data decoding process of unlimited playback apparatus for performing decryption processing based on a decryption key on the encrypted data, and encryption data stored on the recording medium based on the second decryption key generation data built into the information recording apparatus. And a data decryption process with limited playback apparatus that generates a second decryption key and performs decryption processing based on the second decryption key on the encrypted data.

Further, in one embodiment of the information reproducing method of the present invention, the decoding processing step includes obtaining a generation-managed master key stored in the information recording apparatus from the recording medium in the decoding processing without limitation of the reproduction apparatus. A disk ID as a recording medium identifier unique to the recording medium, a title key unique to the data to be decoded, and a device ID as an identifier of the device ID information recording apparatus which is an identifier of the information recording apparatus which recorded the encrypted data. A title unique key is generated based on the disc ID, the title key, and the device ID, and the first decoding key is generated based on the title unique key. Generation-managed master key stored in the device and a device unique key that is a unique key of the information recording device stored in the information recording device. Acquisition is performed from the recording medium to obtain a disc ID, which is a recording medium identifier unique to the recording medium, and a title key unique to the data to be decoded, based on the master key, disc ID, title key, and device unique key. A unique key is generated, and the second decryption key is generated based on the title unique key.

Furthermore, in one embodiment of the information reproducing method of the present invention, the information reproducing apparatus executes data output control based on reception time information (ATS) added to each of the plurality of transport packets constituting the decoded block data. Transport stream processing means, wherein said decoding processing step generates a block key as a decryption key for block data consisting of one or more packets to which said reception time information (ATS) has been added, and stores the encrypted data stored in said recording medium. In the decryption process, a block key as a decryption key is generated on the basis of the data including the block seed which is additional information specific to the block data including the decryption key generation data and the reception time information (ATS). .                 

Further, in one embodiment of the information reproducing method of the present invention, the decoding processing step is characterized in that the decoding processing of the encrypted data stored in the recording medium is performed according to a DES algorithm.

Further, in one embodiment of the information reproducing method of the present invention, copy control information added to each packet included in a transport stream constituting the data is identified, and based on the copy control information, It is characterized by controlling the execution of reproduction.

Furthermore, in one embodiment of the information reproducing method of the present invention, two bits of an encryption mode indicator (EMI) as copy control information for controlling copying are identified, and reproduction of data stored in the recording medium is executed based on the EMI. It is characterized by controlling the availability.

Further, a fifth aspect of the present invention is an information recording medium capable of recording information, comprising a node key unique to each node constituting a hierarchical tree structure having a plurality of different information recording devices as a leaf, and unique to each information recording device. And a key update block (KRB) in which an update node key included in a leaf key is encrypted by a key including at least one of a node key and a leaf key of a lower layer.

Furthermore, in one embodiment of the information recording medium of the present invention, the data for encrypting key generation for generating an encryption key for use in the encryption process of data stored in the recording medium in the information recording apparatus is encrypted with the update node key. It is characterized by including the data.                 

Further, in one embodiment of the information recording medium of the present invention, the decryption key generation data for generating the decryption key for use in the decryption process of the encrypted data stored in the recording medium in the information reproducing apparatus is encrypted with the update node key. It is characterized by including the data.

According to one embodiment of the information recording medium of the present invention, it is characterized by having a configuration in which generation information about encryption key generation data or decryption key generation data is stored.

Further, a sixth aspect of the present invention is a recording medium manufacturing apparatus for manufacturing an information recording medium, wherein a node key unique to each node constituting a hierarchical tree structure with a plurality of different information recording apparatus as a leaf and unique to each information recording apparatus A memory for storing a key update block (KRB) encrypted by an update node key included in a leaf key of the key by at least one of a node key and a leaf key of a lower layer; and a key update block stored in the memory ( And a control unit that performs write control on the recording medium of KRB).

In an embodiment of the recording medium manufacturing apparatus of the present invention, the memory further stores at least one of a recording medium identifier, encrypted encryption key generation data, and encrypted decryption key generation data, and The control unit is configured to perform write control on the recording medium for at least one of the recording medium identifier, the encrypted encryption key generation data, and the encrypted decryption key generation data.                 

In one embodiment of the recording medium manufacturing apparatus of the present invention, the memory further stores generation information relating to data for encryption key generation or data for decryption key generation, and wherein the control unit stores the generation medium of the generation information. It is characterized in that the configuration for executing the write control for the.

Further, a seventh aspect of the present invention is a recording medium manufacturing method for manufacturing a recording medium, comprising: a node key unique to each node constituting a hierarchical tree structure having a plurality of different information recording devices as a leaf and each information recording device. Storing in the memory a key update block (KRB) encrypted with an update node key included in a unique leaf key by a key including at least one of a node key or a leaf key of a lower layer; And writing to said recording medium of an update block (KRB).

Further, in one embodiment of the recording medium manufacturing method of the present invention, the memory further stores at least one of a recording medium identifier, encrypted encryption key generation data, and encrypted decryption key generation data, and Each time recording is performed on the recording medium, at least one of the recording medium identifier, the encrypted encryption key generation data, or the encrypted decryption key generation data is characterized.

In addition, in one embodiment of the recording medium manufacturing method of the present invention, in the recording medium manufacturing method, generation information about encryption key generation data or decryption key generation data is stored in the memory, and the control unit Is characterized in that writing of the generation information to the recording medium is performed.

In addition, an eighth aspect of the present invention is a program providing medium for providing a computer program for executing an information recording process of recording information on a recording medium on a computer system, wherein the computer program is configured to retrieve a plurality of different information recording apparatus as leafs. An encryption key for generating an encryption key for performing encryption processing of storage data for a recording medium by using at least one of a unique node key and a leaf key unique to each information recording device for each node constituting a hierarchical tree structure. An update step of executing an update process of generation data and an encryption process step of executing encryption processing of data generated on the recording medium by generating an encryption key based on the encryption key generation data updated in the update step;

In a program providing medium comprising a.

A ninth aspect of the present invention is a program providing medium for providing a computer program for executing an information reproducing process of reproducing information stored in a recording medium on a computer system, wherein the computer program leaves a plurality of different information reproducing apparatuses. Decoding for generating a decryption key for performing decryption processing of the encrypted data stored in the recording medium by using at least one of a unique node key and a leaf key unique to each information reproducing apparatus for each node constituting the hierarchical tree structure. An update step of executing an update process of key generation data, and a decryption processing step of generating a decryption key based on the decryption key generation data updated in the update step and performing a decryption process of the encrypted data stored in the recording medium; Program providing media, characterized in that it comprises a.

In the configuration of the present invention, by using a hierarchical key distribution method of a tree structure, the amount of delivery messages required for key update is kept small. That is, a key required for recording of content data to or from the recording medium via a recording medium or a communication line using a key distribution method in which each device is arranged in each leaf of the n-minute tree (master key Or a media key), and each device records and reproduces the content data using the same.

As one aspect of the present invention, the format of the content recorded on the recording medium is an MPEG2 TS packet, and the packet is added with the ATS, which is the time information received by the recording apparatus, to record. ATS is 24 to 32 bits of data and is somewhat random. Here, ATS is an abbreviation of Arrival Time Stamp. In one block (sector) of the recording medium, X TS packets added with ATS are recorded, and a block key for encrypting the data of the block is generated using the ATS added to the first TS packet. .

In this way, each block can be encrypted using a unique key, and a special area for storing the key is also unnecessary, and there is no need to access data other than the main data portion during recording and reproduction.

In addition, it is also possible to add not only ATS but also copy control information (CCI) to the TS packet, and to generate a block key using ATS and CCI.                 

The program providing media according to the eighth and ninth aspects of the present invention is, for example, a medium for providing a computer program in a computer-readable format to a general-purpose computer system capable of executing various program codes. The medium is not particularly limited in form, such as a recording medium such as a CD, an FD, or a MO, or a transmission medium such as a network.

Such a program providing medium defines a cooperative relationship in structure or function between a computer program and a providing medium for realizing a function of a predetermined computer program on a computer system. In other words, by installing the computer program in the computer system through the providing medium, the cooperative action is exerted on the computer system, and the same operation and effect as other aspects of the present invention can be obtained.

Other objects, features and advantages of the present invention will become apparent from the following detailed description based on the embodiments of the present invention and the accompanying drawings.

1 is a block diagram showing a configuration example (part 1) of an information recording and reproducing apparatus of the present invention.

Fig. 2 is a block diagram showing a structural example (part 2) of the information recording and reproducing apparatus of the present invention.

3A and 3B show a data recording processing flow of the information recording and reproducing apparatus of the present invention.

4A and 4B show a data reproduction processing flow of the information recording and reproducing apparatus of the present invention.

Fig. 5 is a diagram for explaining a data format processed in the information recording and reproducing apparatus of the present invention.                 

Fig. 6 is a block diagram showing the structure of a transport stream (TS) processing means in the information recording and reproducing apparatus of the present invention.

7A to 7C are views for explaining the configuration of a transport stream processed by the information recording and reproducing apparatus of the present invention.

Fig. 8 is a block diagram showing the configuration of a transport stream (TS) processing means in the information recording and reproducing apparatus of the present invention.

Fig. 9 is a block diagram showing the structure of a transport stream (TS) processing means in the information recording and reproducing apparatus of the present invention.

Fig. 10 is a diagram showing an example of the configuration of block data as additional information of block data processed by the information recording and reproducing apparatus of the present invention.

Fig. 11 is a tree structure diagram illustrating encryption processing of keys such as a master key and a media key in the information recording and reproducing apparatus of the present invention.

12A and 12B show an example of a key update block KRB used for distributing keys such as a master key and a media key to the information recording and reproducing apparatus of the present invention.

Fig. 13 is a diagram showing a distribution example and a decryption processing example using a key update block (KRB) of a master key in the information recording and reproducing apparatus of the present invention.

Fig. 14 is a diagram showing a decoding processing flow using a key update block KRB of a master key in the information recording and reproducing apparatus of the present invention.

Fig. 15 is a view showing a generation comparison processing flow of master keys in content recording processing in the information recording and reproducing apparatus of the present invention.                 

Fig. 16 is a block diagram (1) for explaining an encryption process during data recording processing in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 17 is a block diagram for explaining an encryption process during data recording processing in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention (No. 2).

Fig. 18 is a flowchart for explaining data recording processing in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 19 is a view for explaining an example of generating a disc unique key in the information recording and reproducing apparatus of the present invention.

Fig. 20 is a diagram showing a process of generating a title unique key in a system for reproducing device limitation in the information recording and reproducing apparatus of the present invention.

Fig. 21 is a diagram showing an example of processing for generating a title unique key at the time of data recording in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 22 is a diagram explaining a method of generating a block key in the information recording and reproducing apparatus of the present invention.

Fig. 23 is a block diagram for explaining decoding processing during data reproduction processing in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 24 is a flowchart for explaining data reproduction processing in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 25 is a flowchart showing the details of the reproducibility determination process in the data reproducing process in the system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.                 

Fig. 26 is a diagram showing a process of generating a title unique key at the time of data reproduction in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 27 is a diagram showing a distribution example and a decoding processing example using a key update block KRB of a media key in the information recording and reproducing apparatus of the present invention.

Fig. 28 is a diagram showing a decoding processing flow using a key update block KRB of a media key in the information recording and reproducing apparatus of the present invention.

29 is a diagram showing a content recording process flow using a media key in the information recording and reproducing apparatus of the present invention.

30 is a block diagram (1) for explaining an encryption process during data recording processing using a media key in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 31 is a block diagram for explaining an encryption process during data recording process using a media key in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention (No. 2).

32 is a flowchart for explaining data recording processing using a media key in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

33 is a block diagram for explaining an encryption process during data reproduction processing using a media key in a system capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 34 is a flowchart for explaining data reproduction processing using a media key in a system for reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 35 is a flowchart showing the details of the reproduction possibility determination process in the data reproduction process using the media key in the apparatus capable of reproducing apparatus in the information recording and reproducing apparatus of the present invention.

Fig. 36 is a block diagram showing the configuration of a recording / reproducing apparatus in which the information recording and reproducing apparatus of the present invention is configured to receive KRB from the outside via communication means or the like and store it in a recording medium.

Fig. 37 is a block diagram showing processing of receiving KRB from the outside via a communication means or the like and storing it in a recording medium in the information recording and reproducing apparatus of the present invention.

Fig. 38 is a diagram showing a processing flow for receiving KRB from the outside via communication means or the like in the information recording and reproducing apparatus of the present invention, and storing it in a recording medium.

Fig. 39 is a view for explaining a process of receiving KRB from the outside via a communication means or the like and storing it in a recording medium in the information recording and reproducing apparatus of the present invention.

40A and 40B are flowcharts for explaining copy control processing during data recording processing in the information recording and reproducing apparatus of the present invention.

41A and 41B are flowcharts for explaining copy control processing during data reproduction processing in the information recording and reproducing apparatus of the present invention.

42 is a block diagram showing a configuration of processing means in the case where data processing is executed by software in the information recording and reproducing apparatus of the present invention.

Fig. 43 is a block diagram showing the structure of a manufacturing apparatus for manufacturing an information recording medium used in the information recording and reproducing apparatus of the present invention.

Fig. 44 is a diagram showing a processing flow of a manufacturing process for manufacturing an information recording medium used in the information recording and reproducing apparatus of the present invention.

Fig. 45 is a diagram showing an example format of a key update block KRB used in the information recording and reproducing apparatus of the present invention.

46A to 46C illustrate the structure of a tag of a key update block KRB used in the information recording and reproducing apparatus of the present invention.

<Best Mode for Carrying Out the Invention>

[System configuration]

1 is a block diagram showing the configuration of an embodiment of a recording / playback apparatus 100 to which the present invention is applied. The recording / reproducing apparatus 100 includes an input / output interface I / F (Interface: 120), an MP EG (Moving Picture Experts Group) codec 130, an A / D, and a D / A converter 141. 140, encryption processing means 150, ROM (Read Only Memory: 160), CPU (Central Processing Unit: 170), memory 180, drive 190 of recording medium 195, and also transport stream processing Means (TS processing means: 300), which are connected to each other by a bus (110).

The input / output I / F 120 receives digital signals constituting various contents such as images, sounds, programs, etc. supplied from the outside, outputs them on the bus 110, and receives digital signals on the bus 110. And output to the outside. The MPEG codec 130 MPEG decodes the MPEG encoded data supplied through the bus 110, outputs them to the input / output I / F 140, and MPEG encodes the digital signals supplied from the input / output IF 140. And output on the bus 110. The input / output I / F 140 has a built-in A / D and D / A converter 141. The input / output I / F 140 receives an analog signal as content supplied from the outside and converts the analog codec (A / D) by the A / D and D / A converter 141 to thereby convert the MPEG codec 130 as a digital signal. The digital signal from the MPEG codec 130 is converted to D / A (Digital Analog) by the A / D and D / A converter 141, and output to the outside as an analog signal.

The encryption processing means 150 is composed of, for example, one chip Large Scale Integrated Curcuit (LSI), and encrypts or decrypts a digital signal as content supplied through the bus 110 on the bus 110. It has a configuration to output. In addition, the encryption processing means 150 is not limited to one chip LSI, but can be implemented by a combination of various software or hardware. The configuration as the processing means by the software configuration will be described later.

The ROM 160 is, for example, a leaf key that is unique for each recording / reproducing apparatus, or a device key that is unique for each group of a plurality of recording / reproducing apparatuses, and a node key that is a device key shared for a plurality of recording / reproducing apparatuses, or a plurality of groups. I remember. The CPU 170 executes a program stored in the memory 180 to control the MPEG codec 130, the encryption processing means 150, and the like. The memory 180 is a nonvolatile memory, for example, and stores a program executed by the CPU 170 and data necessary for the operation of the CPU 170. The drive 190 drives the recording medium 195 capable of recording and reproducing digital data, thereby reading (reproducing) the digital data from the recording medium 195 and outputting it on the bus 110 together with the bus 110. The digital data supplied through the N / W is supplied to the recording medium 195 and recorded. The program may be configured to store the device key in the ROM 160 and the memory 180 in the memory 180.

The recording medium 195 is, for example, a medium capable of storing digital data such as an optical disk such as a DVD or a CD, a magneto-optical disk, a magnetic disk, a semiconductor memory such as a magnetic tape or a RAM, and the drive 190 in this embodiment. It is set as detachable structure with respect to). However, the recording medium 195 may be incorporated in the recording / reproducing apparatus 100.

The transport stream processing means (TS processing means) 300 will be described in detail later with reference to FIG. 6 or below, but for example, a plurality of TV programs (contents) corresponding to a specific program (content) from the multiplexed transport stream are described. A transport packet is extracted and data processing for storing the extracted appearance stream information of the transport stream in the recording medium 195 together with each packet and the appearance timing control process at the time of reproduction processing from the recording medium 195 are performed.

In the transport stream, an Arrival Time Stamp (ATS) as the timing information of appearance of each transport packet is set, and the timing is T-STD (Transport stream System Target), which is a virtual decoder defined in the MPEG2 system. It is determined at the time of encoding so as not to disturb the decoder, and the appearance timing is controlled by the ATS added to each transport packet at the time of reproduction of the transport stream. Transport stream processing means (TS processing means) 300 executes these controls. For example, in the case of recording a transport packet on a recording medium, the interval of each packet is recorded as a filled source packet, but the timing of output of each packet at the time of reproduction is preserved by storing the timing of appearance of each transport packet together on the recording medium. It becomes possible to control. The transport stream processing means (TS processing means) 300 adds and records an Arrival Time Stamp (ATS) indicating an input timing of each transport packet when recording data to the recording medium 195 such as a DVD. .

The recording and reproducing apparatus 100 of the present invention executes an encryption process on the encryption processing means 150 for the content constituted by the above-described ATS-attached transport stream, and records the content on which the encryption process has been performed. 195). In addition, the encryption processing means 150 executes a decryption process of the encrypted content stored in the recording medium 195. Details of these processes will be described later.

In addition, although the encryption processing means 150 and TS processing means 300 shown in FIG. 1 are shown as a separate block for easy understanding, you may comprise as one one-chip LSI which performs both functions, and It is good also as a structure which implement | achieves a function by the structure which combined software or hardware.

As a configuration example of the recording and reproducing apparatus of the present invention, the configuration shown in FIG. 2 is possible in addition to the configuration shown in FIG. In the recording / reproducing apparatus 200 shown in FIG. 2, the recording medium 195 can be attached or detached from a recording medium interface (I / F) 210 as a drive device, and the recording medium 195 is attached to another recording / reproducing apparatus. Even if the data can be read and written.

[Data recording processing and data reproduction processing]

Next, data recording processing for the recording medium and data reproduction processing from the recording medium in the recording / reproducing apparatus of FIG. 1 or 2 will be described with reference to the flowcharts of FIGS. 3 and 4. In the case of recording the content of the digital signal from the outside on the recording medium 195, the recording process according to the flowchart of FIG. 3A is performed. That is, when the content (digital content) of the digital signal is supplied to the input / output I / F 120 through, for example, an Institute of Electrical and Electronics Engineers (IEEE) 1394 serial bus, the input / output I / F ( 120 receives the supplied digital content and outputs it to the TS processing means 300 via the bus 110.

The TS processing means 300 generates block data in which ATS is added to each transport packet constituting the transport stream in step S302, and outputs the block data to the cryptographic processing means 150 via the bus 110.

The encryption processing means 150 executes encryption processing on the digital content received in step S303, and transmits the resulting encrypted content to the drive 190 or the recording medium I / F 210 via the bus 110. Output The encrypted content is recorded (S304) on the recording medium 195 via the drive 190 or the recording medium I / F 210 to end the recording process. In addition, the encryption process by the encryption processing means 150 is demonstrated later.

In addition, as a standard for protecting digital content when transmitting digital content between devices connected through an IEEE 1394 serial bus, 5CDTCP (Five Company Digital Transmission Content) is incorporated by five companies, including Sony Corporation, the present patent applicant. Protection (hereinafter referred to as DTCP) is defined, but in this DTCP, when transmitting digital content that is not copy-free between devices, copy control information for controlling the copy by the sender and the receiver prior to data transmission. Are authenticated as to whether or not can be handled correctly, then the digital content is encrypted and transmitted at the transmitting side, and the encrypted digital content (encrypted content) is decrypted at the receiving side.

In data transmission / reception based on this DTCP standard, the input / output I / F 120 on the data receiving side receives the encrypted content via the IEEE1394 serial bus in step S301, decrypts the encrypted content according to the DTCP standard, and plain text. After that, the content is outputted to the encryption processing means 150.

Encryption of digital content by DTCP generates time-changing keys and uses the keys. The encrypted digital content transmits on the IEEE 1394 serial bus including the key used for the encryption, and the receiving side decrypts the encrypted digital content using the key included therein.

In addition, according to the DTCP, the encrypted content includes a flag indicating the initial value of the key and the timing of change of the key used for encrypting the digital content. On the receiving side, by changing the initial value of the key included in the encrypted content at the timing of the flag included in the encrypted content, the key used for encryption is generated, and the encrypted content is decrypted. In this case, however, if the encrypted content includes a key for decrypting the same, there is no problem even if it is considered equivalent. Here, about the DTCP, the information version can be acquired in the Web page specified by the URL (Uniform Resource Locator) of http://www.dtcp.com, for example.

Next, a process in the case where the content of the analog signal from the outside is recorded on the recording medium 195 will be described according to the flowchart of FIG. 3B. When the content (analog content) of the analog signal is supplied to the input / output I / F 140, the input / output I / F 140 receives the analog content in step S321, proceeds to step S322, and contains the built-in A / D. A / D conversion is performed by the D / A converter 141 to obtain the content (digital content) of the digital signal.

This digital content is supplied to the MPEG codec 130, and in step S323, encoding processing by MPEG encoding, that is, MPEG compression is executed, and supplied to the encryption processing means 150 via the bus 110.

Hereinafter, in steps S324, S325, and S326, the same processing as that in steps S302 and S303 in FIG. 3A is performed. That is, the ATS addition to the transport packet by the TS processing means 300 and the encryption processing by the encryption processing means 150 are executed, and the resulting encrypted content is recorded on the recording medium 195 to end the recording process. do.

Next, a process of reproducing the content recorded on the recording medium 195 and outputting it as digital content or analog content will be described according to the flow of FIG. The process of outputting externally as digital content is executed as a reproduction process according to the flowchart of FIG. 4A. That is, first, in step S401, the encrypted content recorded on the recording medium 195 is read by the drive 190 or the recording medium I / F 210, and the encryption processing means 150 is read through the bus 110. Is output.

In the encryption processing means 150, in step S402, the encrypted content supplied from the drive 190 or the recording medium I / F 210 is decrypted, and the decrypted data is transmitted to the TS processing means 300 via the bus 110. Is output.

The TS processing means 300 determines the output timing from the ATS of each transport packet constituting the transport stream in step S403, executes control according to the ATS, and input / output I / F 120 via the bus 110. Supplies). The input / output I / F 120 outputs the digital content from the TS processing means 300 to the outside and ends the reproduction processing. The processing of the TS processing means 300 and the decoding processing of the digital content in the encryption processing means 150 will be described later.

In addition, when the input / output I / F 120 outputs digital content via the IEEE1394 serial bus in step S404, the device is authenticated with each other as described above in accordance with the DTCP standard. Encrypt and send the content.

When the content recorded on the recording medium 195 is reproduced and output to the outside as analog content, the reproduction processing according to the flowchart of FIG. 4B is performed.

That is, in steps S421, S422, and S423, the same processing as in the case of steps S401, S402, and S403 of FIG. 4A is performed, respectively, so that the decoded digital content obtained by the encryption processing means 150 is bus 110. FIG. Is supplied to the MPEG codec 130.                 

In the MPEG codec 130, in step S424, the digital content is subjected to MPEG decode, that is, decompression processing, is supplied to the input / output I / F 140. In step S424, the input / output I / F 140 converts the digitally decoded digital content by the MPEG codec 130 into D / A conversion (S425) by the built-in A / D and D / A converter 141 to make analog content. . In step S426, the input / output I / F 140 outputs the analog content to the outside, and ends the playback process.

[Data format]

Next, the data format on the recording medium of the present invention will be described with reference to FIG. In the present invention, the minimum unit of writing and reading data on a recording medium is called a block. One block is 192 * X bytes (for example, X = 32).

In the present invention, the ATS is added to the TS (transport stream) packet (188 bytes) of MPEG2 to 192 bytes, and X is collected into one block of data. The ATS is data indicating an incoming time of 24-32 bits, and is an abbreviation of the Arrival Time Stamp as described above. The ATS is configured as random data according to the incoming time of each packet. In one block (sector) of the recording medium, X TS (Transport Stream) packets with ATS are recorded. In the structure of this invention, the block key which encrypts the data of the block (sector) is produced using the ATS added to the 1st TS packet of each block which comprises a transport stream.

By generating an encryption block key using a random ATS, a unique key is generated for each block. Encryption processing for each block is executed using the generated block unique key. Further, by using the ATS to generate a block key, the area on the recording medium for storing the encryption key for each block becomes unnecessary, and the main data area can be effectively used. In addition, there is no need to access data other than the main data portion at the time of recording and reproducing data, and processing becomes efficient.

In addition, the block seed shown in FIG. 5 is additional information including the ATS. The block seed may also have a configuration in which copy control information (CCI) is added as well as ATS. In this case, a block key can be generated using ATS and CCI.

In the configuration of the present invention, when data is stored on a recording medium such as a DVD, most of the data of the content is encrypted, but as shown in the lowermost part of FIG. m = 8 or 16) bytes are unencrypted and written as unencrypted data, and the remaining data (after m + 1 bytes) is encrypted. This is because the encryption process is a process in units of 8 bytes, which causes a restriction on the encrypted data length (Encrypted data). In addition, if encryption process can be performed in units of 1 byte instead of 8 bytes, for example, all portions other than the block seed may be encrypted as m = 4.

[Process by TS Processing Means]

Here, the function of the ATS will be described in detail. As described above, the ATS is an incoming time stamp added to preserve the timing of appearance of each transport packet in the input transport stream.

That is, for example, when a plurality of TV programs (contents) extract one or several TV programs (contents) from multiplexed transport streams, transport packets constituting the extracted transport streams are represented at irregular intervals. (See FIG. 7A). Transport streams have a significant meaning in the timing of the appearance of each transport packet, which confuses the transport stream system target decoder (T-STD), a virtual decoder defined by the MPEG2 system (IS0 / IEC 13818-1). It is determined at the time of encoding so as not to make it.

At the time of reproduction of the transport stream, the appearance timing is controlled by the ATS added to each transport packet. Therefore, when recording a transport packet on a recording medium, it is necessary to preserve the input timing of the transport packet, and when recording the transport packet on a recording medium such as a DVD, an ATS indicating the input timing of each transport packet. Record by adding.

FIG. 6 is a block diagram for explaining processing performed by the TS processing means 300 when recording a transport stream input via a digital interface to a storage medium such as a DVD. The transport stream is input from the terminal 600 as digital data such as digital broadcasting. In FIG. 1 or FIG. 2, a transport stream is input from the terminal 600 via the input / output I / F 120, or the input / output I / F 140 and the MPEG codec 130. In FIG.

The transport stream is input to a bit stream parser 602. The bit stream parser 602 detects a PCR (Program Clock Reference) packet from the input transport stream. Here, a PCR packet is a packet which the PCR prescribed | regulated by the MPEG2 system is encoded. PCR packets are encoded at time intervals within 100 msec. PCR expresses the time of arrival at a transport packet or a receiving side with a precision of 27 MHz.

In the 27 MHz PLL 603, the 27 MHz clock of the recording and playback device is locked to the PCR of the transport stream. The time stamp generation circuit 604 generates a time stamp based on the count value of the 27 MHz clock. The block seed addition circuit 605 then adds the time stamp when the first byte of the transport packet is input to the smoothing buffer 606 as the ATS to the transport packet.

The transport packet to which the ATS is added is output from the terminal 607 to the cryptographic processing means 150 via the smoothing buffer 606, and after the cryptographic processing described later is executed, the drive 190 (Fig. 1), it is recorded on the recording medium 195 which is a storage medium via the recording medium I / F 210 (FIG. 2).

7 shows an example of processing when an input transport stream is recorded on a recording medium. Fig. 7A shows input of a transport packet constituting any particular program (content). Here, the horizontal axis is a time axis representing time on the stream. In this example, the transport packet input appears at irregular timing as shown in Fig. 7A.

FIG. 7B illustrates the output of the block seed addition circuit 605. The block seed addition circuit 605 adds a block seed including an ATS representing the time on the stream of the packet for each transport packet, and outputs a source packet. Fig. 7C shows a source packet recorded on the recording medium. The source packet is recorded on the recording medium with a gap as shown in Fig. 7C. By filling the gaps in this manner, the recording area of the recording medium can be effectively used.

FIG. 8 shows a process block diagram of the TS processing means 300 in the case of reproducing the transport stream recorded on the recording medium 195. From the terminal 800, the transport packet with the ATS decoded in the encryption processing means described later is input to the block seed separation circuit 801, and the ATS and the transport packet are separated. The timing generating circuit 804 calculates time based on the clock counter value of the 27 MHz clock 805 held by the player.

Further, at the start of reproduction, the first ATS is set to the timing generating circuit 804 as an initial value. The comparator 803 compares the ATS with the current time input from the timing generation circuit 804. When the timing at which the timing generation circuit 804 occurs and the ATS is equal, the output control circuit 802 outputs the transport packet to the MPEG codec 130 or the digital input / output I / F 120.

FIG. 9 shows a configuration in which an input AV signal is encoded by MPEG in the MPEG codec 130 of the recording / reproducing apparatus 100, and the transport stream is encoded by the TS processing means 300. As shown in FIG. Therefore, FIG. 9 is a block diagram showing both processing configurations of the MPEG codec 130 and TS processing means 300 in FIG. A video signal is input from the terminal 901, which is input to the MPEG video encoder 902.

The MPEG video encoder 902 encodes an input video signal into an MPEG video stream and outputs it to the buffer video stream buffer 903. The MPEG video encoder 902 also outputs access unit information for the MPEG video stream to the multiplex scheduler 908. An access unit of a video stream is a picture, and access unit information is a picture type, a coded bit amount, and a decode time stamp of each picture. Here, the picture type is information of an I / P / B picture. In addition, the decode time stamp is information prescribed by the MPEG2 system.

An audio signal is input from the terminal 904, which is input to the MPEG audio encoder 905. MPEG audio encoder 905 encodes the input audio signal into an MPEG audio stream and outputs it to buffer 906. The MPEG audio encoder 905 also outputs access unit information for the MPEG audio stream to the multiplex scheduler 908. An access unit of an audio stream is an audio frame, and access unit information is an encoding bit amount and a decode time stamp of each audio frame.

The multiplex scheduler 908 is inputted with access unit information of video and audio. The multiplex scheduler 908 controls the method of encoding the video stream and the audio stream into transport packets based on the access unit information. The multiplexing scheduler 908 has a clock for generating a reference time with 27 MHz precision, and satisfies T-STD, a virtual decoder model defined in MPEG2, and determines packet encoding control information of a transport packet. do. The packet encoding control information is the type of stream to be packetized and the length of the stream.

When the packet encoding control information is a video packet, the switch 976 is on the a side, and video data having a payload data length indicated by the packet encoding control information is read from the video stream buffer 903, thereby transporting the transport packet encoder 909. ) Is entered.

When the packet encoding control information is an audio packet, the switch 976 is on the b side, and audio data having the payload data length indicated by the audio stream buffer 906 is read out and input to the transport packet encoder 909.

When the packet encoding control information is a PCR packet, the transport packet encoder 909 receives the PCR input from the multiplexing scheduler 908 and outputs the PCR packet. When the packet encoding control information indicates not to encode a packet, nothing is input to the transport packet encoder 909.

The transport packet encoder 909 does not output the transport packet when the packet encoding control information indicates that the packet is not encoded. In other cases, the transport packet is generated and output based on the packet encoding control information. Therefore, the transport packet encoder 909 intermittently outputs the transport packet. Arrival time stamp calculation means 910 calculates an ATS indicating the time when the first byte of the transport packet arrives at the receiving side based on the PCR input from the multiplexing scheduler 908.                 

Since the PCR inputted from the multiplexing scheduler 908 indicates the arrival time of the 10-byte receiving side of the transport packet specified in MPEG2, the value of the ATS becomes the time when the byte 10 bytes before the arrival of the PCR arrives. .

The block seed addition circuit 911 adds the ATS to the transport packet output from the transport packet encoder 909. The ATS-attached transport packet output from the block seed addition circuit 911 is input to the encryption processing means 150 through the smoothing buffer 912, and after the encryption processing described later is executed. The recording medium 195 is stored as a storage medium.

The transport packet with the ATS attached to the recording medium 195 is input in a state where the gap is filled as shown in Fig. 7C before being encrypted by the encryption processing means 150, and then the recording medium is thereafter. 195 is stored. Even when a transport packet fills the interval, the ATS can be referred to, thereby controlling the input time of the transport packet to the receiving side.

By the way, the size of the ATS is not limited to 32 bits and may be 24 to 31 bits. The longer the bit length of the ATS, the longer the period in which the time counter of the ATS is rounded. For example, when the ATS is a 27 MHz precision binary counter, the time for which the 24-bit ATS is rounded is about 0.6 seconds. This time interval is large enough for a normal transport stream. This is because the packet interval of the transport stream is determined to a maximum of 0.1 second by the MPEG2 specification. However, the ATS may be 24-bit or larger with sufficient margin.                 

As described above, when the bit length of the ATS is set to various lengths, some configurations are possible as the configuration of the block seed as additional data of the block data. The structural example of a block seed is shown in FIG. Example 1 of FIG. 10 shows an example of using 32 bits of ATS. 10 shows an example in which ATS is 30 bits and copy control information (CCI) is used for 2 bits. The copy control information is information indicating the state of copy control of the data to which it is added, and SCMS: Serial Copy Management System and CGMS: Copy Generation Management System are famous. In these copy control information, the copy-free information indicating that the data to which the information is appended is allowed without copy, one-generation copy allowed to permit copying only one generation, and copying are allowed. Information such as copy prohibited may be displayed.

Example 3 shown in Fig. 10 is an example in which ATS is set to 24 bits, CCI is used 2 bits, and another information is used 6 bits. As other information, when this data is analog-output, various information, such as information which shows the ON / OFF of Macrovision which is a copy control mechanism of analog video data, can be used, for example.

[Tree Structure as Key Distribution Structure]

Next, a description will be given of a configuration in which the recording / reproducing apparatus shown in FIG. 1 or 2 distributes master keys necessary for recording data to or from the recording medium, to each device. Fig. 11 is a diagram showing a distribution structure of keys of the recording / reproducing apparatus in the recording system using this method. Numbers 0 to 15 shown at the bottom of Fig. 11 are individual recording and reproducing apparatuses. That is, each leaf of the tree structure shown in FIG. 11 corresponds to each recording / reproducing apparatus.

Each device 0 to 15 stores its own key (node key) assigned to the node from its own leaf to the root in the predetermined initial tree and the leaf key of each leaf at the time of manufacture (factory shipment). do. K0000 to K1111 shown in the lowermost part of FIG. 11 are leaf keys assigned to the respective devices 0 to 15, respectively, and the key described in the second section (node) from the lowermost part from the uppermost KR is taken as the node key.

In the tree structure shown in Fig. 11, for example, device 0 possesses leaf key K0000 and node keys: K000, K00, K0, KR. Device 5 owns K0101, K010, K01, K0, KR. Device 15 owns K1111, K111, K11, K1, KR. In the tree of Fig. 11, only 16 devices having 0 to 15 are described, and the tree structure is also shown as a balanced symmetrical configuration of a four-stage configuration, but more devices are configured in the tree and are different in each part of the tree. It is possible to have a singular configuration.

In addition, each record player included in the tree structure of FIG. 11 includes various types of record players using various recording media, for example, DVD, CD, MD, memory stick (trademark) and the like. It is also assumed that various application services coexist. The key distribution configuration shown in Fig. 11 is applied to the coexistence configuration of such other devices and other applications.

In a system in which these various devices and applications coexist, for example, a portion enclosed by a dotted line in Fig. 11, that is, devices 0, 1, 2, and 3 are set as one group using the same recording medium. For example, the devices included in the group enclosed by the dotted line are integrated to encrypt common content and sent from the provider, or to send a master key that is commonly used, or from each device to the provider or payment institution. The process of encrypting and outputting the payment data is also executed. An organization that performs data transmission and reception with each device, such as a content provider or a payment processing institution, performs a process of collectively sending data by enclosing the portions enclosed by the dotted lines in FIG. 11, that is, devices 0, 1, 2, and 3 as one group. Run There are a plurality of such groups in the tree of FIG.

The node key and leaf key may be collectively managed by any one key management center, or may be configured to be managed for each group by a provider, a payment institution, or the like that performs various data transmission and reception for each group. These node keys and leaf keys are updated, for example, in the case of key leakage, and the update is executed by a key management center, a provider, a payment authority, and the like.

In this tree structure, as apparent from FIG. 11, three devices 0, 1, 2, and 3 included in one group hold common keys K00, K0, KR as node keys. By using this node key sharing configuration, for example, it is possible to provide a common master key only to devices 0, 1, 2 and 3. For example, if the node key K00 itself held in common is set as the master key, only devices 0, 1, 2, and 3 can set the common master key without executing a new key sending. Furthermore, if the new Enc (K00, Kmaster) encrypted with the new master key Kmaster is stored in the devices 0, 1, 2, 3 via the network or stored in the recording medium, the devices 0, 1, 2, It is possible to obtain the master key: Kmaster by decrypting the cipher Enc (K00, Kmaster) using the shared node key K00 held in each device. In addition, Enc (Ka, Kb) indicates that the data is obtained by encrypting Kb with Ka.

Also, if it is found that the key owned by the device 3 at any time t: K0011, K001, K00, K0, KR has been interpreted and exposed by the attacker (hacker), then the system (devices 0, 1, In order to keep the data transmitted and received in groups 2 and 3, device 3 needs to be separated from the system. To do this, update the node keys: K001, K00, K0, KR with new keys K (t) 001, K (t) 00, K (t) 0, and K (t) R, respectively. You need to pass that update key. Here, K (t) aaa represents generation key of key Kaaa: t update key.

The distribution processing of the update key will be described. The key is updated by, for example, storing a table composed of block data called a key renewal block (KRB: Key Renewal Block) shown in FIG. It is executed by supplying two.

The key update block KRB shown in FIG. 12A is configured as block data having a data structure in which only a device that needs to update a node key can be updated. The example of FIG. 12 is block data formed for the purpose of distributing the update node key of generation t in devices 0, 1, and 2 of the tree structure shown in FIG. As apparent from Fig. 11, device 0 and device 1 need K (t) 00, K (t) 0 and K (t) R as update node keys, and device 2 has K (t as update node keys. ) 001, K (t) 00, K (t) 0, and K (t) R are required.

As shown in KRB of FIG. 12A, the KRB includes a plurality of encryption keys. The lowest encryption key is Enc (K0010, K (t) 001). This is an update node key K (t) 001 encrypted by leaf key K0010 owned by device 2, and device 2 can decrypt this encryption key by its leaf key and obtain K (t) 001. Further, using K (t) 001 obtained by decryption, the encryption key Enc (K (t) 001, K (t) 00) of the second stage from the bottom of Fig. 12A can be decrypted, and the update node key K (t ) 00. In the following, the second stage encryption key Enc (K (t) 00, K (t) 0) is decrypted at the top of FIG. 12A, and the first stage encryption is performed at the update node key K (t) 0 and the top of FIG. 12 (A). The key Enc (K (t) 0, K (t) R) is decrypted to obtain K (t) R. On the other hand, the device keys 0 and 1 are not included in the target of updating the node keys K000, and the K (t) 00, K (t) 0, and K (t) R are required as update node keys. Devices 0 and 1 decrypt the third encryption key Enc (K000, K (t) 00) at the top of FIG. 12A and acquire K (t) 00. Hereinafter, the second encryption key Enc (K) at the top of FIG. 12A. (t) 00, K (t) 0) and the update node key K (t) 0, the first encryption key Enc (K (t) 0, K (t) R) from the top of FIG. Obtain K (t) R. In this way, the devices 0, 1, and 2 can obtain the updated keys K (t) 00, K (t) 0, and K (t) R. In addition, the index of FIG. 12A shows the absolute address of the node key and leaf key used as a decryption key.

In the case where the update of the node keys K0 and KR at the upper end of the tree structure shown in Fig. 11 is unnecessary, and the update processing of only the node key K00 is necessary, the key update block (KRB: Key Renewal Block) shown in Fig. 12B is used. The update node key K (t) 00 can be distributed to devices 0, 1 and 2.

The KRB shown in FIG. 12B can be used, for example, when distributing a new master key shared by a specific group. As a specific example, devices 0, 1, 2, and 3 in the group shown by dotted lines in FIG. 11 use arbitrary recording media, and a new common master key K (t) master is required. At this time, a new common update master key: K (t) master encrypted data using K (t) 00 which has updated the common node key K00 of devices 0, 1, 2, and 3 Enc (K (t) , K (t) master) is distributed with the KRB shown in FIG. 12B. This distribution enables distribution as data that is not decoded in devices of other groups such as device 4.

In other words, when the devices 0, 1, and 2 decrypt the cipher text using K (t) 00 obtained by processing KRB, the master key K (t) master at time t can be obtained.

[Distribution of Master Keys Using KRB]

As an example of the process of obtaining the master key K (t) master at time point t in FIG. 13, data Enc (K (t) 00, which encrypts a new common master key K (t) master using K (t) 00; The process of device 0 which received K (t) master) and KRB shown in Fig. 12B through the recording medium is shown.

As shown in Fig. 13, the device 0 uses the node key K (by the same KRB processing as described above) using the generation of the time stored in the recording medium: the KRB at time t and the node key K000 stored in advance. t) 00 Furthermore, the decryption update key R K (t) 00 is used to decrypt the update master key K (t) master, which is encrypted and stored with its own leaf key K0000 for later use. In addition, when device 0 can securely store the renewal master key K (t) master in itself, it is not necessary to encrypt with leaf key K0000.

In addition, the acquisition process of this update master key is demonstrated by the flowchart of FIG. It is also assumed that the recording and reproducing apparatus provides the latest master key: K (c) master at the time of shipment and stores it securely (specifically, encrypted with its own leaf key, for example). .

When the recording medium in which the update master keys K (n) master and KRB are stored is set in the recording / reproducing apparatus, first of all, in step S1401, the recording / reproducing apparatus of the master key K (n) master stored in the recording medium from the recording medium. Start (generation) number: n (this is called pre-recording generation information (Generation # n)). The recording medium has previously stored the starting point (generation) number n of the master key K (n) master. In addition, the encryption master key C held by the user is read, and in step S1402, the generation of the encryption master key: c and the generation: n indicated by all recording generation information Generation # n are compared, and before and after the generation. Determine.

In step S1402, when it is determined that the generation: n indicated by the previous recording generation information Generation # n is not later than the generation of the encryption master key C stored in its memory: c (not new), that is, stored in the memory If the generated generation of the encrypted master key C: c is equal to or later than the generation: n indicated by the previous recording generation information Generation # n, then steps S1403 to S1408 are skipped to end the master key update process. In other words, in this case, since it is not necessary to update the master key K (c) master (encryption master key C) stored in its memory, the update is not performed.

On the other hand, in step S1402, if the generation indicated by the previous recording generation information Generation # n: n is determined to be later (newer) than the generation of the encryption master key C stored in the memory: c, that is, the encryption stored in the memory If the generation of the master key C is a generation before the generation n indicated by the previous recording generation information Generation # n, the flow advances to step S1403, where the recording / reproducing apparatus reads the key update block (KRB: Key Renewal Block) from the recording medium.

In step S1404, the recording and reproducing apparatus includes the KRB read in step S1403, the leaf key (K0000 in device 0 in FIG. 11) and the node key (K000, K00 in device 0 in FIG. 11) stored in the memory. ), The key K (t) 00 of the node 00 at the time of the previous recording generation information Generation # n (t in Fig. 13) is calculated.

In step S1405, it is checked whether K (t) 00 can be obtained in step S1404. If it cannot be obtained, it indicates that the recording and reproducing apparatus is excluded from the group of the tree structure at that time, and the steps S1406 to S1408 are skipped to terminate the master key update process.

If K (t) 00 can be obtained, go to step S1406 and use the Enc (K (t) 00, K (t) master), i.e., K (t) 00 from the recording medium, to obtain the master key at time t. Read the encrypted value. In step S1407, this ciphertext is decrypted using K (t) 00 to calculate K (t) master.                 

In step S1408, the K (t) master is encrypted and stored in the memory using its own leaf key (K0000 in device 0 of FIG. 11). This completes the update process of the master key.

By the way, although the master key is used in ascending order from the time point (generation) 0, it is preferable that the configuration of each device in the system is required by calculating the master key of the old generation from the master key of the new generation. That is, the recording / reproducing apparatus holds the unidirectional function f, and by applying the master key owned to the unidirectional function f by the number of times corresponding to the difference between the generation of the master key and the generation of the required master key, , Create a master key for the household that was examined.

Specifically, for example, the generation of the master key MK stored in the recording / reproducing apparatus is generation i + 1, and the generation of the master key MK (used at the time of recording) required for reproduction of arbitrary data is generation i-1. In this case, the master key K (i-1) master is generated by calculating the f (f (K (i + 1) master)) by using the one-way function f twice in the recording / reproducing apparatus.

In addition, when the generation of the master key stored in the recording / reproducing apparatus is generation i + 1 and the generation of the required master key is generation i-2, the master key K (i-2) master executes the unidirectional function f three times. By using f (f (f (K (i + 1) master))).

Here, as the one-way function, for example, a hash function can be used. Specifically, for example, MD5 (Message Digest 5), SHA-1 (Secure Hash Algorithm-1), or the like can be adopted. The key issuing authority that issues the keys can use these unidirectional functions to generate master keys K (0) master, K (1) master, K (2) master, and so on. Obtain K (N) master beforehand. That is, first of all, the master key K (N) master of the Nth generation is first set, and the one-way function is applied to the master key K (N) master once, so that the master key K (N− 1) master, K (N-2) master,… Create K (1) master and K (0) master sequentially. Then, they are used in order from the smaller (previous) master key K (0) master. In addition, the one-way function used to generate the master key of the generation before the generation is assumed to be set in all the recording and reproducing apparatuses.

As a one-way function, for example, it is also possible to employ a public key cryptography technique. In this case, the key issuing authority owns the public key cryptographic secret key, and provides the public key for the secret key to all playback devices. The key issuing authority sets the master key K (0) master of the 0th generation and uses it from the master key K (0) master. In other words, when the master key K (i) master after the first generation is needed, the key issuing authority generates and uses the master key K (i-1) master before the first generation by converting it into a secret key. In this case, the key issuer does not need to generate the N generation master key in advance by using a one-way function. In addition, this method can theoretically generate an unlimited number of generations of master keys. If the recording / reproducing apparatus has a master key of any generation, the master key of the generation before the generation can be obtained by converting the master key to a public key.

Next, the processing of the recording and reproducing apparatus in the case where the recording and reproducing apparatus records the contents on its own recording medium will be described using the flowchart of FIG. The content data is encrypted by any generation master key and distributed from the content provider to each recording / playback apparatus via a network or a recording medium.

First, in step S1501, the recording and reproducing apparatus reads out all recording generation information Generation # n from the recording medium. Further, a generation c of the encryption master key C stored in its memory is acquired. In step S1502, the generation c of the encryption master key is compared with the generation n indicated by all recording generation information Generation # n. Determine before and after generations.

In step S1502, when it is determined that the generation c of the encryption master key C stored in the memory is not after the generation n indicated by all recording generation information Generation # n, that is, the generation c of the encryption master key C stored in the memory is recorded before. In the case of a generation older than the generation n indicated by the generation information Generation # n, step S1503 is skipped, i.e., the process ends without recording the content data.

On the other hand, in step S1502, when it is determined that the generation of the encryption master key C stored in the memory in the own recording and reproducing apparatus is after the generation n indicated by the previous recording generation information Generation # n, that is, the encryption master key C stored in the memory If the generation of is equal to or newer than the generation n indicated by the previous recording generation information Generation # n, the flow advances to step S1503 to perform the process of recording the content data.

[Content data encryption and record processing by master key with generation management]

Hereinafter, a description will be given of a process of executing content data encryption processing by a master key subjected to generation management and storing it in its own recording medium. In addition, here, a description will be given of a process of generating a block key based on data using the master key managed generation by generating the data constituted by the transport stream described above, encrypting the content data with the block key, and storing the data in the recording medium. . In addition, a configuration in which the recording / reproducing apparatus can make settings that can reproduce the data recorded on the recording medium in other reproducing apparatuses and the setting that cannot be reproduced will be described as an example.

It demonstrates using the process block diagram of FIG. 16, FIG. 17, and the flowchart of FIG. Here, an optical disk is taken as an example of a recording medium. In this embodiment, in order to prevent bit-by-bit copying of data on the recording medium, the disc ID (Disc ID) as identification information unique to the recording medium is made to act as a key for encrypting the data.

According to the processing block diagrams of FIGS. 16 and 17, the outline of the encryption processing of data executed by the encryption processing means 150 will be described.

The recording and reproducing apparatus 1600 reads out the master key 1601 stored in its memory 180 (see Figs. 1 and 2), the device ID 1631 as the device identifier, and the device unique key 1632. The master key 1601 is a secret key stored in a licensed recording / reproducing apparatus, and generation management is performed as described above, and a generation number is associated with each other. This master key is a key common to a plurality of recording and reproducing apparatuses, for example, a key common to a device belonging to a group of dotted line frames shown in FIG. The device ID is an identifier of the recording and reproducing apparatus 1600, and is, for example, an identifier such as a manufacturing number previously stored in the recording and reproducing apparatus. This device ID may be disclosed. The device specific key is a secret key unique to the recording and reproducing device 1600, and is a key which is previously set and stored differently according to each recording and reproducing apparatus. These are stored in the memory of the recording / reproducing apparatus 1600 in advance.

The recording and reproducing apparatus 1600 checks whether or not a disc ID (Disc ID: 1603) as identification information has already been recorded on the recording medium 1620, which is an optical disk, for example. If it is recorded, the disc ID (Disc ID: 1603) is read (equivalent to FIG. 16), and if it is not recorded, the encryption processing means 150 randomly or predetermined methods such as random number generation Disc ID (Disc ID: 1701) is generated and recorded on the disc (corresponding to Fig. 17). Since only one disc ID (Disc ID: 1603) may be present on the disc, it is also possible to store it in the lead-in area or the like.

The record player 1600 next generates 1602 a disc unique key using the master key and the disc ID. As a specific method for generating a disc unique key, a result obtained by inputting a master key and a disc ID into a hash function using a block cipher function as shown in FIG. Input the data generated by the bit connection between the master key and the disc ID (Disc ID) into the method of Example 1 to be used or the hash function SHA-1 defined in FIPS 180-1, and only the required data length is obtained from the 160-bit output. The method of Example 2 used as a Disc Unique Key can be applied.

Next, a title key, which is a unique key for each recording, is generated randomly by the encryption processing means 150 (see FIGS. 1, 2, and the like) or by a method such as random number generation (predetermined). 1604, and writes to disc 1620.                 

In addition, a flag indicating whether the title (data) can be reproduced only in a recording / reproducing apparatus that has performed data recording (with a device limitation), or also with other equipment (without a playback device limitation), that is, playback A Player Restriction Flag is set (1633) and recorded on the disk 1620 (1635). Further, the device ID as the device identification information is extracted (1631) and recorded on the disk 1620 (1634).

In addition, a generation number of the master key to be used, that is, a generation number (generation number (Generation # n) at the time of recording)) 1650 of the master key stored therein is obtained, and the generation number (when recording this to the recording medium 1620) ( 1651).

On the disc, there is a data management file in which information such as which data constitutes which title is stored. The file includes the title key 1605, the playback device restriction flag 1635, the device ID 1634, and the generation number of the master key [ Generation number (Generation # n)] 1651 can be stored during recording.

In the recording medium 1620, a pre-recording generation number is stored in advance, and reproduction of only contents stored by encrypting using a master key of a generation that is the same as or earlier than the previous generation number is stored. It is configured to enable. This configuration will be described in the regeneration processing column at the next stage.

Then, from a disc unique key and a title key, a device ID, or a disc unique key and a title key and a device unique key, a combination of any one of the following: Create a Title Unique Key.

In other words, when the playback device is not restricted, a disc unique key and a title key and a title unique key are generated from the device ID. A Title Unique Key is generated from a Disc Unique Key, a Title Key, and a Device Unique Key.

As a specific method of generating a Title Unique Key, as shown in Fig. 21, a Title Key, a Disc Unique Key, and a Device ID (HID) are used in a hash function using a block cipher function. In the example 1 method of using the result obtained by inputting a device specific key (when a device is not restricted) or a device specific key (when a device is restricted) or a hash key SHA-1 defined in FIPS 180-1, the master key and disk ID are used. Input the data generated by the bit connection between the (Disc ID) and the device ID (if the playback device is not restricted) or the device unique key (if the playback device is restricted), and only the required data length is output from the 160-bit output. The method of Example 2 used as a Title Unique Key can be applied.

In the above description, a Disc Unique Key is generated from a Master Key and a Disc ID, and this and a Title Key, a Device ID, or a Title Key (Title) are generated. Although a Title Unique Key is generated from a Key and a Device Unique Key, the Master Key, Disc ID, and Title Key are made unnecessary by the Disc Unique Key. The Title Unique Key may be generated directly from the (Title Key), the Device ID, or the Device Unique Key, and the Master Key and the Disc ID (Disc) without using the Title Key. A key corresponding to a Title Unique Key may be generated from the ID, the device ID (when the playback device is not restricted) or the device unique key (when the playback device is restricted).

By the way, for example, when one of the transmission formats specified in 5CDTCP described above is used, data may be transmitted in TS packets of MPEG2. For example, when a set top box (STB) receiving a satellite broadcast transmits the broadcast to the recorder using 5CDTCP, the STB transmits the MPEG2 TS packet transmitted to the satellite broadcast channel by IEEE1394. It is also preferable that no data conversion is necessary.

The recording / reproducing apparatus 1600 receives the content data to be recorded in the form of this TS packet, and in the above-described TS processing means 300, adds ATS which is time information for receiving each TS packet. As described above, the block seed added to the block data may be configured by a combination of ATS, copy control information, and other information.

By arranging X TS packets (for example, X = 32) to which ATS is added, block data of one block is formed (see the figure above in FIG. 5), and as shown in the lower ends of FIGS. 16 and 17, A block seed containing a 32-bit ATS that is output by separating the first to fourth bytes of the block data input as the encrypted data (selector 1608), and the title unique key generated first. Unique Key, a block key, which is a key for encrypting data of the block, is generated (1607).                 

An example of the method of generating a block key is shown in FIG. In Fig. 22, two examples show generation of a 64-bit block key from a 32-bit block seed and a 64-bit title unique key.

Example 1 shown above uses a cryptographic function of 64 bits in key length and 64 bits in input / output. The title unique key is used as the key of this encryption function, and the result of encrypting by inputting the value of the block seed and the 32-bit constant is input as the block key. .

Example 2 is an example using the hash function SHA-1 of FIPS 180-1. Enter the value that connects Title Unique Key and Block Seed to SHA-1, and the output of 160 bits is reduced to 64 bits, for example, using only the lower 64 bits. It is set as a block key.

In the above description, an example of generating a disc unique key, a title unique key, and a block key has been described. For example, a disc unique key and a title are described. Instead of generating a Title Unique Key, a Master Key, Disc ID, Title Key, Block Seed, and Device ID (playback device) for each block. A block key may be generated by using no limitation) or by using a device specific key (when restricting playback equipment).

When the block key is generated, the block data is encrypted using the generated block key. As shown at the bottom of Figs. 16 and 17, the first to mth bytes (for example, m = 8 bytes) of the head of the block data including the block seed are separated (selector) 1608. The data from the m + 1th byte to the final data is encrypted (1609) without making it an encryption target. In addition, m bytes which are not encrypted include the first to fourth bytes as block seeds. Block data after the m + 1 byte separated by the selector 1608 is encrypted 1609 according to an encryption algorithm set in advance in the encryption processing means 150. As an encryption algorithm, the DES (Data Encryption Standard) prescribed | regulated by FIPS 46-2 can be used, for example.

Here, when the block length (input / output data size) of the encryption algorithm to be used is 8 bytes as in DES, X is 32 for example and m is a multiple of 8, for example. The entire block data afterwards can be encrypted.

In other words, when the number of TS packets stored in one block is X, the input / output data size of the encryption algorithm is L bytes, and n is any natural number, 192 * X = m + n * L is established. By determining m, L, singular processing is unnecessary.

The encrypted block data after the m + 1 byte is combined by the selector 1610 together with the first to mth byte data which are not encrypted, and stored in the recording medium 1620 as the encrypted content 1612.

By the above processing, the content is encrypted on a block basis, and is encrypted with a block key generated based on a generation-managed master key, a block seed containing ATS, and the like, and stored in the recording medium.                 

As described above, in this configuration, since the content data is encrypted and stored in the recording medium by the generation-managed master key, the reproduction processing of the recording medium in another recording / reproducing device is performed when at least the same generation or data is recorded. The recording player having a generation newer than that of the used master key is a condition for decoding, that is, reproducing.

As described above, the block key is generated based on the device ID when the playback device is not restricted, and based on the device unique key when the playback device is restricted. These encrypted data can be played back only on the device that recorded the data when the playback device is restricted.

That is, when there is no restriction on the reproduction apparatus, a block key which is an encryption key of the block data is generated based on the data including the device ID, and the device ID is stored in the recording medium. Therefore, the device which is going to reproduce the content on the recording medium can acquire the device ID from the recording medium, and it is possible to generate the same block key, so that the block data can be decrypted. However, in the case of a playback device limitation, a block key which is an encryption key of block data is generated based on the data including the device unique key. This device unique key is a secret key that varies from device to device, and other devices cannot obtain the key. In addition, when the block data is encrypted and stored in the recording medium, the writing process of the device unique key to the recording medium is not executed. Therefore, even if a recording medium storing encrypted block data is mounted in another reproducing apparatus, the same device unique key cannot be obtained, and thus a decryption key for decrypting the block data cannot be generated and cannot be decrypted and reproduced. In addition, the detail of a reproduction process is mentioned later.

Next, the processing flow of the ATS addition processing in the TS processing means 300 and the encryption processing in the encryption processing means 150 executed in accordance with the data recording process will be described according to the flowchart shown in FIG. In S1801 in Fig. 18, the recording and reproducing apparatus reads out the master key stored in its memory 180, the device ID as the device identifier, and the device unique key.

In S1802, it is checked whether or not a disc ID (Disc ID) as identification information is already recorded on the recording medium. If recorded, the disk ID is read in S1803. If not, the disk ID is generated in random or a predetermined method in S1804, and recorded in the disk. Next, in S1805, a disk unique key is generated using the master key and the disk ID. As described above, the disk unique key is obtained by applying a method using a hash function SHA-1 defined in FIPS 180-1, a method using a hash function based on a block cipher, or the like.

Subsequently, the procedure proceeds to S1806, where a Title Key as a unique key for each recording, a Player Restriction Flag, a device ID as device identification information, and a generation number of a master key are extracted. Write to disk. Next, in S1807, a title unique key is generated from the disc unique key and title key and the device ID (if playback device restriction is not performed) or device unique key (when playback device restriction is performed).

20 shows a detailed flow of generating a title unique key. In step S2001, the encryption processing means 150 determines whether or not to limit the playback apparatus. This determination is made based on the instruction data input by the user using the recording player or the usage restriction information added to the content.

If the determination of S2001 is No, that is, no playback device restriction, the process proceeds to step S2002, in which the title unique key is determined from the disc unique key, the title key, and the device ID. Create

If the determination of S2001 is Yes, that is, the playback device is restricted, the flow advances to step S2003 to generate a Title Unique Key from the Disc Unique Key and Title Key and the Device Unique Key. do. Key generation uses SHA-1 or a hash function based on block ciphers.

In S1808, the recording / reproducing apparatus receives the encrypted data of the content data to be recorded in the form of a TS packet. In S1809, the TS processing means 300 adds ATS which is time information when each TS packet is received. Alternatively, a value obtained by combining the copy control information CCI and ATS and another information is added. Next, in S1810, TS packets to which the ATS is added are sequentially received, and it is determined whether, for example, X = 32 which forms one block has been reached or identification data indicating the end of the packet has been received. If either condition is satisfied, the flow advances to step S1811 to enumerate X packets or packets until the end of the packet to form one block of block data.                 

Next, the encryption processing means 150 generates a block key which is a key that encrypts the data of the block from the first 32 bits (block seed containing ATS) of the block data in S1812 and the title unique key generated in S1807.

In S1813, the block data formed in S1811 is encrypted using the block key. As described above, the object of encryption is from the m + 1 byte of the block data to the final data. As an encryption algorithm, the DES (Data Encryption Standard) prescribed by FIPS 46-2 is applied, for example.

The block data encrypted in S1814 is recorded in the recording medium. It is determined whether all data has been recorded in S1815. If all data has been recorded, the recording process ends. If all data has not been recorded, the process returns to S1808 and the remaining data is executed.

[Content Data Decoding and Playback Processing by Master Key with Generation Management]

Next, a process of decoding and reproducing the encrypted content recorded on the recording medium as described above will be described using the process block diagram of FIG. 23 and the flowcharts of FIGS. 24 to 26.

Referring to the process block diagram of FIG. 23, the flow of processing will be described with respect to the decoding process and the reproduction process according to the flowchart shown in FIG. 24. In S2401 of FIG. 24, the recording / reproducing apparatus 2300 reads the disc ID 2302 and the pre-recording generation number from the disc 2320, and also reads the master key 2301 and the device from its memory. The device ID 2331 and the device unique key 2332 are read as the identifier. As is apparent from the description of the previous recording process, the disc ID is a disc unique identifier previously recorded on the disc or otherwise generated by the record player and recorded on the disc.

Pre-recording generation number 2360 is disc-specific generation information stored in a disc which is a recording medium in advance. The pre-recording generation number and the generation number of the master key at the time of data recording, that is, the generation number 2350 at the time of recording are compared to control whether or not reproduction processing is possible. The master key 2301 is a secret key stored in a licensed recording and reproducing apparatus and subjected to generation management, the device ID is an identifier unique to the recording and reproducing apparatus, and the device unique key is a secret key unique to the recording and reproducing apparatus.

The recording / reproducing apparatus 2300 next uses the title key of the data to be read from the disc in S2402, the device ID of the recording / reproducing device that recorded this data, the playback device restriction flag set corresponding to the data, and the data. The generation number (Generation #) of the master key, that is, the generation number 2350 at the time of writing is read. Next, it is determined whether or not the data to be read in S2403 can be reproduced. 25 shows a detailed flow of the judgment.

In step S2501 of FIG. 25, the recording and reproducing apparatus determines the new generation of the previous generation number read in S2401 and the generation number at the time of recording read in S2402. When the generation indicated by the generation number at the time of recording is determined not to be after the generation indicated by the previous recording generation information, that is, when the generation indicated by the generation information at the time of data recording is a generation older than the generation indicated by the previous recording generation information, playback is not possible. The determination is made, and steps S2404 to S2409 are skipped to end the processing without performing the reproduction processing. Therefore, when the content recorded on the recording medium is encrypted based on the master key of the generation older than the generation indicated by the previous recording generation information, the reproduction is not permitted and the reproduction is not performed.

In other words, this processing is judged to be a case where data is encrypted based on the old generation master key and recorded on the recording medium in an illegal recording device in which an illegality is detected and the latest generation master key is not provided. The processing is that the recording medium on which data is recorded by such an illegal apparatus is not reproduced. As a result, use of an illegal recording device can be eliminated.

On the other hand, in step S2501, when it is determined that the generation indicated by the generation number at the time of recording is after the generation indicated by the previous recording generation number, that is, the generation indicated by the generation information at the time of recording is the same as or new to the generation n indicated by the previous recording generation number. Generation, and if the content recorded on the recording medium is encrypted based on the master key of the generation after the generation indicated by all recording generation information, the flow advances to step S2502, where the recording and reproducing apparatus stores its memory. Generation information of the existing encryption master key C is obtained, and the generation of the encryption master key and the generation indicated by the encryption time generation information are compared to determine the generation before and after the generation.

In step S2502, if it is determined that the generation of the master key C stored in the memory is not after the generation indicated by the generation information at the time of recording, that is, the generation of the master key C stored in the memory is older than the generation indicated by the generation information at the time of recording. If not, it is determined that reproduction is impossible, and the processing is ended without performing the reproduction processing by skipping steps S2404 to S2409.

On the other hand, in step S2502, when it is determined that the generation of the encryption master key C stored in the memory is after the generation indicated by the generation information at the time of recording, that is, the generation indicated by the generation information when the generation of the master key C stored in the memory is recorded. Is equal to or newer than step S1, the process proceeds to step S2503, and it is checked whether or not the data to be read is recorded restricted to the reproduction device.

In step S2503, it is determined whether the playback device limitation information indicated by the read playback device restriction flag is set to "with playback device restriction." If yes, in step S2504, it is determined whether or not the device ID read from the recording medium and the own device ID match. If it matches, it is determined that playback is possible. In step S2503, it is determined that playback is possible even when it is determined that the setting is not "with a playback device restriction." If the playback device restriction information indicated by the read playback device restriction flag is "with playback device restriction" and "the device ID read from the recording medium does not match its own device ID", it is determined that playback is impossible.

If it is determined that reproduction is possible, the flow advances to step S2404. In S2404, a disc unique key is generated using a disc ID and a master key (2303). This key generation method inputs the data generated by the bit connection between the master key and the disc ID (Disc ID) to the hash function SHA-1 defined in FIPS 180-1, for example, and outputs the 160 bits. To use only the required data length as the Disc Unique Key, or to use the result obtained by inputting the Master Key and the Disc ID into a hash function using the block cipher function. For example. The master key used here is the master key of the generation (point in time) indicated by the generation number at the time of recording the data read from the recording medium in S2402. If the recording / reproducing apparatus holds a master key of a generation newer than this, the master key of the generation indicated by the generation number at the time of recording is created using the above-described method, and the disc unique key is used to generate the master key. You may create it.

Next, in S2405, a title unique key is generated. 26 shows a detailed flow of generation of the title unique key. In step S2601, the encryption processing means 150 determines whether or not the playback device is restricted. This determination is performed based on the playback device restriction flag read from the disc.

The device ID 2334 of the recording / player recording the data and the playback device restriction flag 2335 set corresponding to the data are read out, and the playback device restriction information indicated by the read playback device restriction flag 2335 is &quot; playback device restriction. "The device ID 2334 read from the recording medium and its own device ID 2331 match", or the playback device restriction information indicated by the read playback device restriction flag 2333 is "No playback device restriction." In this case, the playback device restriction information indicated by the read playback device restriction flag 2333 is &quot; with playback device restriction &quot; and &quot; device ID 2334 read from the recording medium matches its own device ID 2331. If not, playback is impossible.

In the case where reproduction becomes impossible, the data is encrypted by a block key generated based on the device unique key of the recording player that recorded the data, and recording players other than the recording player that recorded the data do not have the same device unique key. In this case, the block key for decoding the data cannot be generated.

In the case of playback, the disc unique key and the title key, the device ID or the disc unique key and the title key and the combination of the device unique key Generates a Title Unique Key.

That is, in the case of the setting that does not restrict playback devices, a setting for generating a title unique key from a disc unique key and a title key and a device ID to restrict playback devices In this case, a Title Unique Key is generated from a Disc Unique Key, a Title Key, and its own Device Unique Key. As the key generation method, a hash function using a hash function SHA-1 and a block cipher function can be applied.

It demonstrates according to the flow of FIG. If the determination of S2601 is No, that is, a setting that does not restrict playback equipment, the flow advances to step S2602, where the Title Unique Key is derived from the Disc Unique Key, Title Key, and Device ID. )

If the determination of S2601 is Yes, i.e., the playback device is to be restricted, the process proceeds to step S2603, where the title unique key is derived from the disc unique key and the title key and the device unique key owned by the recording and playback device. Create a Title Unique Key. Key generation uses SHA-1 or a hash function based on block ciphers.

In the above description, a Disc Unique Key is generated from a Master Key and a Disc ID, and this and a Title Key, a Device ID, or a Title Key are generated. ), But a Title Unique Key is generated from the Device Unique Key, but the Master Unique Key, Disc ID, and Title Key ( You can create a Title Unique Key directly from a Title Key, a Device ID, or a Device Unique Key, or use a Master Key and a Disc ID without using a Title Key. And a key corresponding to a Title Unique Key may be generated from the device ID (when the playback device is not restricted) or the device unique key (when the playback device is restricted).

Next, in step S2406, block data is read sequentially from the encrypted content 2312 stored encrypted from the disk, and in block S2407, the block seed of the first four bytes of the block data is sent to the selector 2310. In this case, a block key is generated using a block seed and a title unique key generated in S2405.

The above-described configuration of FIG. 22 may be applied to a method of generating a block key. That is, a configuration for generating a 64-bit block key from a 32-bit block seed and a 64-bit title unique key can be applied.

In the above description, an example of generating a disc unique key, a title unique key, and a block key has been described. For example, a disc unique key and a title are described. Instead of generating a Title Unique Key, each block has a Master Key, a Disc ID, a Title Key, a Block Seed, and a Device ID (Playback). A block key may be generated using the device limitation, or the device specific key (if the playback device is restricted).

When the block key is generated, next at S2408, the block data encrypted using the block key is decrypted 2309, and output as decrypted data via the selector 2308. In the decoded data, ATS is added to each transport packet constituting the transport stream, and in the above described TS processing means 300, stream processing based on the ATS is executed. Thereafter, the data can be used, for example, to display an image or to play music.

In this way, the encrypted content encrypted in units of blocks and stored in the recording medium is decoded by a block key generated on the basis of a block seed including ATS in units of blocks, thereby enabling playback. The block data encrypted using the block key is decrypted, it is determined whether all data has been read in S2409, and if all data have been read, the process ends. Otherwise, the process returns to S2406 to read the remaining data.

[Configuring Processing with Media Keys Valid for Recording Media Only]

By the way, in the above embodiment, the master key is transmitted to each recording and reproducing apparatus using the key update block KRB: Key Renewal Block, and the recording and reproducing apparatus records and reproduces the data.

The master key is a valid key for the entire recording of the data at that point in time, and a recording / reproducing apparatus capable of obtaining a master key at any point in time can decode data recorded in this system before and after that point in time. However, there is a problem in that the effect of the master key being exposed to the attacker has a whole system due to its nature of being valid throughout the system.

On the other hand, as a key transmitted using the KRB (Key Renewal Block) of the recording medium, it is also possible to set not only a master key valid for all systems but also a media key valid only for the recording medium. In the following, a method of using a media key in place of the master key in the second embodiment will be described. Only the first embodiment and the changed parts will be described.

In Fig. 27, as an example similar to that of Fig. 13, the update node key K (t) is obtained using KRB at time t stored in device 0 and the leaf keys K0000 and node keys K000 and K00 stored in advance. ) 00, and using it to obtain an update media key: K (t) media. K (t) media obtained here is used for recording and reproducing data of the recording medium.

The previous recording generation number (Generation # n) in FIG. 27 is set as an option, not a necessity, because the media key does not have the concept of a new generation like the master key.

Each recording / reproducing apparatus calculates a media key for the recording medium: K (t) media by the flowchart shown in FIG. 28 when the recording medium is inserted into the recording / reproducing device, for example, for recording or reproducing data. It is used later to access the recording medium.

The reading of the KRB of step S2801 of FIG. 28 and the processing of the KRB of S2802 are the same processes as that of steps S1403 and S1404 of FIG. 14, respectively.

In step S2803, the recording / reproducing apparatus reads the cipher text Enc (K (t) 00, K (t) media), which encrypts the media key K (t) media with the node key K (t) 00, from the recording medium, and in step S2804. Decrypt this to get the media key. If this recording and reproducing apparatus is excluded from the group of the tree structure shown in Fig. 11, no media key can be obtained and recording and reproduction on the recording medium cannot be performed.

Next, processing of recording data on the recording medium will be described. However, since there is no concept of generation or newness in the media key like the master key, in the first embodiment, all recording generation information and recording shown in FIG. 15 are recorded. It is judged that recording can be performed if a media key is obtained in the above processing without checking whether or not recording is possible by comparing generations of master keys stored by the reproduction apparatus itself. That is, the processing flow shown in FIG. 29 is the same. The processing flow of Fig. 29 determines the acquisition of the media key in S2901, and executes the recording process of the capacitor in step S2902 only when it is acquired.

[Recording Processing of Data Using a Media Key Valid Only for Recording Media]

A mode of recording of content data will be described using the block diagrams of FIGS. 30 and 31 and the flowchart of FIG. 32.

In this embodiment, as in the first embodiment, an optical disc is taken as the recording medium. In this embodiment, in order to prevent bit-by-bit copying of data on the recording medium, the disc ID (Disc ID) as identification information unique to the recording medium is also made to act as a key for encrypting the data.

30 and 31 are diagrams corresponding to FIGS. 16 and 17 in the first embodiment, respectively, and differ in that a media key is used in place of the master key, and the generation of the master key. The difference is that no generation number (Generation #) is used for recording. The difference between FIG. 30 and FIG. 31 is a difference between whether or not writing of the disk ID is performed similarly to the difference of FIG. 16 and FIG.

32 shows data recording processing in the present embodiment using the media key, which corresponds to the flowchart of FIG. 18 of the first embodiment. Hereinafter, the process flow of FIG. 32 is demonstrated focusing on difference with Example 1. FIG.

In S3201 of FIG. 32, the recording and reproducing apparatus 3000 calculates and stores temporarily the device identification information (Device ID), the device unique key stored in its own memory, and S2804 of FIG. The media key K (t) media being read is read.                 

In S3202, the recording and reproducing apparatus checks whether or not a disc ID (Disc ID) as identification information has already been recorded on the recording medium (optical disk 3020). If recorded, the disc ID (Disc ID) is read (equivalent to FIG. 30) in S3203. If not recorded, the disc ID (Disc ID) is generated randomly or in a predetermined manner in S3204, and the disc is recorded. (Corresponds to Fig. 31). Since only one disc ID (Disc ID) may be present on the disc, it can be stored in the lead-in area or the like. In either case, the flow advances to S3205 next.

In S3205, a disc unique key is generated using the media key and the disc ID read in S3201. As a specific method of generating a Disc Unique Key, a media key may be used in place of the master key in the same manner as the method used in the first embodiment.

Subsequently, the procedure proceeds to S3206, in which a unique key: Title Key is generated randomly or in a predetermined manner for each recording and recorded on the disc. At the same time, a playback device restriction flag (Player Restriction) as information indicating whether this title (data) can be played back only on the recorded device (restricts the playback device) or can be played back on other devices (the playback device is not limited). Flag) and device identification information (Device ID) owned by the recording device.

On the disk, there is a data management file in which information such as which data constitutes which title, etc., is stored, and a title key, a player restriction flag, and device identification information (Device ID) can be stored in the file.                 

Steps S3207 to S3215 are the same as those of S1807 to S1815 in Fig. 18, and thus description thereof is omitted.

In the above description, a Disc Unique Key is generated from a Media Key and a Disc ID, and this and a Title Key, a Device ID, or a Title Key are generated. ), But a Title Unique Key is generated separately from the device unique key, but the Disc Unique Key is unnecessary, so that the Media Key, Disc ID and Title Key ( A Title Unique Key may be generated directly from a Title Key, a Device ID, or a Device Unique Key, and a Media Key and Disc ID may be used without using a Title Key. ) And a key corresponding to a Title Unique Key may be generated from the device ID (when playback device is not restricted) or device unique key (when playback device is restricted).

As described above, data can be recorded on the recording medium using the media key.

[Processing of Reproducing Data Using a Media Key Valid Only for Recording Media]

Next, the state of the process of reproducing the data recorded as described above will be described using the block diagram of FIG. 33 and the flowchart of FIG. 34.

FIG. 33 is a diagram corresponding to FIG. 23 in the first embodiment, in which a media key is used in place of the master key, and therefore a generation number (Generation #) is omitted during recording. different.                 

In S3401 of FIG. 34, the recording / reproducing apparatus 3400 uses the disk ID (Disc ID) from the disk 3420, which is the recording medium, and the device ID (Device ID) and the own device identification information as its own device identification information from its memory. The device unique key, which is the device unique key, and the media key calculated and stored in S2804 of FIG. 28 are temporarily read.

When the recording medium is inserted, the processing shown in Fig. 28 is performed, and if the media key cannot be obtained, the processing is terminated without performing the reproduction processing.

Next, in S3402, a Title Key of data to be read from the disc, a Device ID of the device that recorded the data, and a Player Restriction Flag of this data are read.

Next, in S3403, it is determined whether or not this data can be reproduced. The detail of the process of S3403 is shown in FIG.

In step S3501, it is determined whether or not a media key can be obtained. If the media key cannot be obtained, reproduction becomes impossible, and if the media key can be obtained, the flow proceeds to step S3502. The processing of steps S3502 and S3503 is the same as that of S2503 and S2504 in Fig. 25, respectively, and the state of the reproduction device restriction indicated by the Player Restriction Flag is &quot; reproduction device restricted &quot; When two conditions, "the recorded device is not itself," overlap by the device ID (Device ID) of the read-out recorded device and its own device ID (Device ID) read from the memory in S3401, "playback is impossible." And skips the steps S3404 to S3409, terminates the process without performing the reproducing process, and otherwise proceeds to S3404 by determining that it is "playable".

Since the processing of steps S3404 to S3409 is the same as that of S2404 to S2409 in FIG. 24, description thereof is omitted.

In the above description, a Disc Unique Key is generated from a Media Key and a Disc ID, and this and a Title Key, a Device ID, or a Title Key are generated. ), But a Title Unique Key is generated separately from the device unique key, but the Disc Unique Key is unnecessary, so that the Media Key, Disc ID and Title Key ( A Title Unique Key may be generated directly from a Title Key, a Device ID, or a Device Unique Key, and a Media Key and a Disc ID without using a Title Key. And a key corresponding to a Title Unique Key may be generated from the device ID (when the playback device is not restricted) or the device unique key (when the playback device is restricted).

As described above, data can be recorded on the recording medium and reproduced from the recording medium.

[Process for Saving Key Update Block (KRB) to the Recording Medium by the Recording / Reproducing Device]

By the way, in the above-described example, an example in which a key update block: KRB (Key Renewal Block) has been previously stored in the recording medium is shown. As shown in FIG. 36, the recording / reproducing apparatus 3600 uses the input / output I / F ( 120, 140, KRB (Key Renewal Block) received from another device via a modem 3601, etc., on the recording medium each time data is first recorded on or on the recording medium. You can do it together.

That is, for example, in the first embodiment, as shown in Fig. 37, the recording and reproducing apparatus is previously provided with a key update block: KRB (via input / output I / F 120, 140, modem 361, etc.). Key Renewal Block) and a cipher text obtained by encrypting the master key with the node key, and are stored in the memory 180, which is a storage means thereof, and processed according to the flowchart shown in FIG. 38 when recording the content data on the recording medium. It is good also as a structure to make.

The process flow of FIG. 38 is demonstrated. In step S3801, it is checked whether or not a key update block: KRB (Key Renewal Block) has already been recorded on the recording medium on which data is to be recorded. If a key update block: KRB (Key Renewal Block) has already been recorded on the recording medium, step S3802 is skipped (proceeds to data recording processing), but if not recorded, the process proceeds to step S3902. As shown in Fig. 39, a process of recording a key update block: KRB (Key Renewal Block) stored in its own storage means, for example, the memory 180, and a ciphertext encrypted with a master key on a recording medium. . After execution of the process, the process proceeds to the process of recording the content data.

This method is not specific to the master key, but can of course be applied to the recording method using the media key as in the second embodiment, for example.

[Copy Control in Record Processing]                 

However, in order to protect the interests of the copyright holder or the like of the content, it is necessary to control the copying of the content in the licensed device.

That is, in the case where the content is recorded on the recording medium, it is necessary to check whether the content may be copied (copyable) and to record only the content that may be copied. In addition, in the case of reproducing and outputting content recorded on a recording medium, it is necessary to prevent the outputting content from being illegally copied later.

Thus, the processing of the recording / reproducing apparatus of FIG. 1 or FIG. 2 in the case of recording / reproducing content while performing copy control of such content will be described with reference to the flowcharts of FIGS. 40 and 41.

First, in the case of recording the content of the digital signal from the outside on the recording medium, the recording process according to the flowchart of FIG. 40A is performed. The processing in Fig. 40A will be described. The recording / playing apparatus 100 of FIG. 1 will be described as an example. When the content (digital content) of the digital signal is supplied to the input / output I / F 120 through, for example, an IEEE1394 serial bus, the input / output I / F 120 receives the digital content in step S4001 and proceeds to step S4002. Proceed.

In step S4002, the input / output I / F 120 determines whether the received digital content is copyable. That is, for example, when the content received by the input / output I / F 120 is not encrypted (for example, when the plain text content is supplied to the input / output I / F 120 without using the above-described DTCP). Is determined to be copyable.

In addition, it is assumed that the recording and reproducing apparatus 100 conforms to the DTCP, and the processing is executed in accordance with the DTCP. In DTCP, 2-bit encryption mode indicator (EMI) is defined as copy control information for controlling copying. If the EMI is 00B (B indicates that the value before it is binary), the content is copy-free. If the EMI is 01B, the content cannot copy any more. (No-more-copies). In addition, when the EMI is 10B, the content can be copied only once (Copy-one-generation), and when the EMI is 11B, the content is copy-never.

EMI is included in the signal supplied to the input / output I / F 120 of the recording / reproducing apparatus 100, and when the EMI is copy-freely or copy-one-generation, it is determined that the content is copyable. In addition, when EMI is No-more-copies or Copy-never, it is determined that the contents cannot be copied.

If it is determined in step S4002 that the content is not copyable, the steps S4003 to S4005 are skipped to end the recording process. Therefore, in this case, the content is not recorded on the recording medium 10.

If it is determined in step S4002 that the content is copyable, the flow proceeds to step S4003, and in the following steps S4003 to S4005, the same processing as that in steps S302, S303, and S304 in Fig. 3A is performed. That is, the ATS addition to the transport packet by the TS processing means 300 and the encryption processing by the encryption processing means 150 are executed, and the resulting encrypted content is recorded on the recording medium 195 to end the recording process. do.                 

EMI is included in the digital signal supplied to the input / output I / F 120, and when digital content is recorded, the digital content, together with the digital content, indicates information such as EMI or a copy control state (for example, EMI). , Embedded CCI in DTCP).

At this time, generally, the information representing Copy-One-Generation is converted into No-more-copies so as not to permit further copying and recorded.

In the recording and reproducing apparatus of the present invention, copy control information such as EMI and embedded CCI is recorded in a form of being added to a TS packet. That is, as in Example 2 and Example 3 of Fig. 10, ATS is added to each TS packet as shown in Fig. 5 with 32 to 30 bits and 32 bits plus copy control information.

In the case of recording the content of the analog signal from the outside on the recording medium, the recording process according to the flowchart of FIG. 40B is performed. The processing in Fig. 40B will be described. When the content (analog content) of the analog signal is supplied to the input / output I / F 140, the input / output I / F 140 receives the analog content in step S4011, proceeds to step S4012, and the received analog content is copied. It is determined whether or not it is possible.

Here, the determination process of step S4012 determines whether or not a macrovision signal or a CGMS-A (Copy Generation Management System-Analog) signal is included in the signal received at the input / output I / F 140, for example. On the basis of In other words, when a macrovision signal is recorded on a VHS system video cassette tape, it is a signal that is noisy, and if it is included in a signal received by the input / output I / F 140, it is determined that analog content cannot be copied.

For example, the CGMS-A signal is a signal obtained by applying a CGMS signal used for copy control of a digital signal to copy control of an analog signal. The content is copy-freely and only one copy is required. Copy-one-generation or copy-never.

Therefore, when the CGMS-A signal is included in the signal received by the input / output I / F 140 and the CGMS-A signal indicates copy-freely or copy-one-generation, it is determined that the analog content is copyable. do. In addition, when the CGMS-A signal indicates Copy-never, it is determined that analog content cannot be copied.

For example, when neither the macrovision signal nor the CGMS-A signal is included in the signal received by the input / output I / F 4, it is determined that the analog content is copyable.

If it is determined in step S4012 that the analog content is not copyable, the steps S4013 to S4017 are skipped to end the recording process. Therefore, in this case, the content is not recorded on the recording medium 10.

If it is determined in step S4012 that the analog content is copyable, the flow proceeds to step S4013, and in the following steps S4013 to S4017, the same processing as that in steps S322 to S326 in FIG. 3B is performed, and accordingly The content is digitally converted, MPEG encoded, TS processed and encrypted to be recorded on the recording medium and the recording process ends.

When the analog signal received by the input / output I / F 140 includes the CGMS-A signal, when the analog content is recorded on the recording medium, the CGMS-A signal is also recorded on the recording medium. That is, this signal is recorded in the CCI or other information shown in FIG. At this time, in general, information representing Copy-One-generation is converted into No-more-copies and recorded so as not to permit further copying. However, in the system, for example, if a rule such as "Copy-one-generation copy control information is recorded without converting it to No-more-copies, but is treated as No-more-copies" is determined. It is not limited.

[Copy Control in Playback Process]

Next, in the case where the content recorded on the recording medium is reproduced and output to the outside as digital content, the reproduction processing according to the flowchart of FIG. 41A is performed. The processing in FIG. 41A will be described. First, in steps S4101, S4102, and S4103, the same processing as that in steps S401, S402, and S403 in Fig. 4A is performed, whereby the encrypted content read from the recording medium is encrypted in the encryption processing means 150. Decoding processing is performed to perform TS processing. The digital content on which each processing is performed is supplied to the input / output I / F 120 via the bus 100.

In step S4104, the input / output I / F 120 determines whether the digital content supplied thereto is copyable later. That is, for example, when the digital content supplied to the input / output I / F 120 does not contain information indicating the copy control state (copy control information) like EMI or EMI, the content is determined to be copyable later. .                 

In addition, for example, when EMI is included in the digital content supplied to the input / output I / F 120, and therefore, when EMI is recorded according to the DTCP standard at the time of recording the content, the EMI (recorded EMI: Is copy-freely, it is determined that the digital content is copyable later. Also, when the EMI is No-more-copies, it is determined that the content cannot be copied later.

In general, recorded EMI is not copy-one-generation or copy-never. This is because the copy-one-generation EMI is converted to no-more-copies at the time of recording, and digital content having an EMI of copy-never is not recorded on the recording medium. However, in the system, for example, if a rule such as "Copy-one-generation copy control information is recorded without converting to No-more-copies, but is treated as No-more-copies" is defined, It is not limited.

If it is determined in step S4104 that the content is copyable later, the flow advances to step S4105, where the input / output I / F 120 outputs the digital content to the outside and ends the reproduction processing.

If it is determined in step S4104 that the content is not copyable later, the flow advances to step S4106, and the input / output I / F 120 performs the digital content after the digital content, for example, according to the DTCP standard or the like. Output to the outside in the form not copied and end the reproduction process.

That is, for example, as described above, when the recorded EMI is No-more-copies (or in the system, for example, "copy-one-generation copy control information is not converted to No-more-copies"). Record, but treat as No-more-copies ”, and when the EMI recorded under the conditions is Copy-one-generation), no further copying of the content is allowed.

For this reason, the input / output I / F 120 authenticates each other between devices according to the DTCP standard, and encrypts the digital content when the other party is a legitimate device (here, the device conforms to the DTCP standard). To the outside.

Next, when the content recorded on the recording medium is reproduced and output to the outside as analog content, the reproduction processing according to the flowchart of FIG. 41B is performed. The processing in FIG. 41B will be described. In steps S4111 to S4115, the same processing as that in steps S421 to S425 in FIG. 4B is performed. In other words, the encrypted content is read, decrypted, TS processed, MPEG decoded, and D / A converted. The analog content thus obtained is received at the input / output I / F 140.

In step S4116, the input / output I / F 140 determines whether the content supplied thereto is copyable later. That is, for example, when copy control information such as EMI is not recorded together with the recorded content, it is determined that the content can be copied later.

In addition, when the content is recorded, for example, according to the DTCP standard, when EMI or copy control information is recorded, it is determined that the content can be copied later when the information is Copy-freely.

In addition, when the EMI or the copy control information is No-more-copies or in the system, for example, "Copy-one-generation copy control information is recorded without converting to No-more-copies, but No- more-copies ”, and if the EMI or copy control information recorded under the conditions is Copy-one-generation, it is determined that the content cannot be copied later.

In addition, for example, when the CGMS-A signal is included in the analog content supplied to the input / output I / F 140, and therefore the CGMS-A signal is recorded together with the content when the content is recorded, the CGMS-A When the signal is Copy-freely, it is determined that the analog content is copyable later. Also, when the CGMS-A signal is Copy-never, it is determined that the analog content cannot be copied later.

If it is determined in step S4116 that the analog content is copyable later, the flow advances to step S4117, where the input / output I / F 140 outputs the analog signal supplied thereto as it is to the outside and ends the reproduction processing.

If it is determined in step S4116 that the analog content is not copyable later, the flow advances to step S4118, where the input / output I / F 140 outputs the analog content to the outside in such a manner that the analog content is not copied later. The playback process ends.

That is, for example, as described above, when the copy control information such as EMI is recorded as No-more-copies (or in the system, for example, "copy-one-generation copy control information is No-"). record without converting to more-copies, but treat it as No-more-copies ”, and if the copy control information such as EMI recorded under such conditions is Copy-one-generation) Copying is not allowed.

For this reason, the input / output I / F 140 further outputs analog content to the outside by adding, for example, a macrovision signal or a GCMS-A signal indicating copy-never. In addition, even if the recorded CGMS-A signal is Copy-never, further copying of contents is not allowed. For this reason, the input / output I / F 4 changes the CGMS-A signal to copy-never and outputs it with the analog content to the outside.

As described above, it is possible to prevent copying (illegal copying) outside the range allowed for the content by performing recording / reproduction of the content while controlling the copying of the content.

[Configuration of Data Processing Means]

In addition, the series of processes described above can be performed not only by hardware but also by software. In other words, for example, the encryption processing means 150 can be configured as an encryption / decryption LSI, but can also be configured by executing a program on a general-purpose computer or a single-chip microcomputer. Similarly, the TS processing means 300 can execute the processing by software. When a series of processes are performed by software, the program constituting the software is installed in a general-purpose computer, a single-chip microcomputer, or the like. 42 shows an example of the configuration of an embodiment of a computer in which a program for executing the series of processes described above is installed.                 

The program can be recorded in advance in the hard disk 4205 or the ROM 4203 as a recording medium built into the computer. Alternatively, the program may be temporarily or permanently stored on an erasable recording medium 4210 such as a floppy disk, a compact disc read only memory (CD-ROM), a magneto optical (MO) disk, a digital versatile disc (DVD), a magnetic disk, or a semiconductor memory. Can be saved (recorded). Such erasable recording medium 4210 can be provided as so-called package software.

In addition to being installed on a computer from the erasable recording medium 4210 described above, the program can be wirelessly transmitted from a download site to a computer via a satellite for digital satellite broadcasting, or a network such as a local area network (LAN) or the Internet can be used. By wired transmission to a computer via a computer, the computer can receive the program transmitted in this way by the communication unit 4208 and install it in the internal hard disk 4205.

The computer has a CPU (Central Processing Unit) 4202 built in. The input / output interface 4211 is connected to the CPU 4202 via the bus 4201, and the input unit 4207 configured by the user as a keyboard or a mouse is provided via the input / output interface 4211 to the CPU 4202. When a command is input by the operation, the program stored in the ROM (Read Only Memory) 4203 is executed accordingly.

Alternatively, the CPU 4202 may be transmitted from a program stored in the hard disk 4205, a satellite, or a network, and may be received by the communication unit 4208 and installed in the hard disk 4205, or may be erased in the drive 4209. The program read from the capable recording medium 4210 and installed in the hard disk 4205 is loaded into the RAM (Random Access Memory) 4204 and executed.

As a result, the CPU 4202 performs the processing according to the above-described flowchart or the processing performed by the configuration of the above-described block diagram. The CPU 4202 outputs the result of the processing from the output unit 4206 composed of a liquid crystal display (LCD), a speaker, or the like via, for example, an input / output interface 4211 as necessary, or a communication unit ( 4208 or to the hard disk 4205.

Here, the processing steps for describing a program for causing the computer to perform various processes in this specification do not necessarily need to be processed in time series in the order described as a flow chart, and are executed in parallel or separately (for example, in parallel Processing or processing by an object).

The program may be processed by one computer or may be distributedly processed by a plurality of computers. In addition, the program may be transferred to a computer at a distant place and executed.

In addition, in this embodiment, the block which performs encryption / decryption of content was demonstrated centering on the example which consists of a chip | tip encryption / decryption LSI. However, the block which performs encryption / decryption of content is, for example, FIG. It is also possible to implement it as one software module executed by the CPU 170 shown in FIG. Similarly, the processing of the TS processing means 300 can also be realized as one software module executed by the CPU 170.

[Production apparatus and method of recording medium]

Next, the information recording medium manufacturing apparatus and method of the present invention for manufacturing the above-described information recording medium of the present invention will be described.

Fig. 43 is a schematic diagram of a disk manufacturing apparatus for manufacturing a recording medium and recording a disk ID (Disk ID), a key update block: KRB (Key Renewal Block), and an encrypted master key or encrypted media key with respect to the recording medium. The configuration is shown.

The disk manufacturing apparatus shown in FIG. 43 is a disk ID (Disk ID), a key update block: KRB (Key Renewal Block) and an encrypted master key for an information recording medium already assembled by an assembly process (not shown). Or record the encrypted media key. Also, if necessary, pre-recording generation information (Generation # n) of the master key is also recorded.

The disk manufacturing apparatus 4300 may include a disk ID (Disk ID), a key update block: KRB (Key Renewal Block), and a memory 4302 or other storage means for storing an encrypted master key or an encrypted media key in advance; The recording medium I / F 4303 for writing and reading the recording medium 4350, the input / output I / F 4304 serving as an I / F with other devices, the controller 4301 controlling them, and the connection thereof. The bus 4305 is provided.

In addition, in the configuration of FIG. 43, the memory 4302 and the recording medium I / F 4304 are built in the manufacturing apparatus, but the memory 4302 and the recording medium I / F 4303 are externally attached. It may be one.

The above-mentioned disk ID (Disk ID), key update block: KRB (Key Renewal Block) and encrypted master key or encrypted media key, pre-recording three generation information (Generation #n) of the master key, For example, it is issued by a key issuing center, not shown, and is stored in advance in the built-in or externally attached memory.

The disk ID (Disk ID), key update block: KRB (Key Renewal Block) and the encrypted master key or encrypted media key stored in the memory 4302 are controlled by the control unit 4301, and the recording medium I / F. It is recorded on the recording medium via 4303. If necessary, the pre-recording generation information (Generation # n) of the master key is also recorded.

In addition, a disk ID, a key update block: KRB (Key Renewal Block), an encrypted master key or an encrypted media key, and pre-recording generation information (Generation # n) of the master key are described above. As described above, it is also possible not only to use the one stored in advance in the memory 4302, but also to receive the one sent from the key issuance center through the input / output I / F 4304, for example.

Fig. 44 shows a method for manufacturing a recording medium of the present invention, wherein the recording medium is manufactured, and a disk ID (Disk ID), a key update block: KRB (Key Renewal Block), and an encrypted master key or encrypted for the recording medium. The flow of the manufacturing process in the recording medium manufacturing method for recording the pre-recording generation information (Generation # n) of the media key and the master key is shown.

44, in the recording medium manufacturing method, first, various recording media such as DVD and CD are assembled by a known assembling step (not shown) as the manufacturing step of step S4401.                 

Next, as the manufacturing process of step S4402, a disk ID (Disk ID), a key update block KRB (Key Renewal Block) and an encrypted master key or encryption are performed by the recording medium manufacturing apparatus of FIG. 43. The recording process of the used media key is performed. In addition, pre-recording generation information (Generation # n) of the master key is recorded as necessary.

By the above disk manufacturing process, the recording medium is shipped from the manufacturing factory in the state of recording the disk ID (Disk ID), key update block: KRB (Key Renewal Block), and encrypted master key or encrypted media key. If necessary, after pre-recording generation information (Generation # n) of the master key is recorded, it is shipped from the manufacturing plant.

[Format of KRB]

45 shows an example of the format of a key renewal block (KRB). The version 4501 is an identifier indicating a version of a key renewal block (KRB). Depth 4502 indicates the number of hierarchies in the hierarchical tree for the device of the distribution destination of the key update block (KRB). The data pointer 4503 is a pointer indicating the position of the data portion of the key renewal block (KRB), the tag pointer 4504 is the position of the tag portion, and the signature pointer 4505 is a pointer indicating the position of the signature. The data unit 4506 stores data obtained by, for example, encrypting a node key to be updated.

The tag portion 4507 is a tag indicating the positional relationship between the encrypted node key and the leaf key stored in the data portion. This tag assignment rule will be described with reference to FIG. 46. FIG. 46 shows an example of sending the key update block KRB described with reference to FIG. 12A as data. Data at this time is as shown in the table on the right side of FIG. The address of the top node included in the encryption key at this time is referred to as the top node address. In this case, since the update key K (t) R of the root key is included, the top node address is KR.

The data Enc (K (t) 0, K (t) R) at the top of the encryption key is at a position indicated by the hierarchical tree in the left end of FIG. Here, the next data is Enc (K (t) 00, K (t) 0), and is located at the lower left of the previous data on the tree. The tag is set to 0 if there is data and to 1 if there is no data. The tag is set as {left (L) tag, right (R) tag}. Since there is data on the left side of the uppermost data Enc (K (t) 0, K (t) R), L tag = 0 and no data on the right side, so R tag = 1. Hereinafter, the tag is set for all data, and the data string and tag string shown in FIG. 46C are configured. As the processing order of the nodes in the tree, it is suitable to use either width first for processing the width direction of the same stage first or depth first for processing the depth direction first.

Returning to Fig. 45, the KRB format is further described. A signature is an electronic signature executed by, for example, a key management center, a content provider, a payment authority, etc. that issued a key update block KRB. The device receiving the KRB confirms that it is the key update block KRB issued by the legitimate key update block KRB issuer by signature verification.

In the above, this invention was demonstrated in detail, referring a specific Example. However, it will be apparent to those skilled in the art that the embodiments can be modified or substituted without departing from the scope of the present invention. That is, the present invention has been disclosed in the form of examples, and should not be interpreted limitedly. In order to judge the summary of this invention, the column of a claim should be considered.

As described above, according to the information recording and reproducing apparatus of the present invention, since the key distribution structure of the tree structure is configured to transmit update data of the master key and the media key together with the update block KRB, key update is performed. It is possible to transmit or distribute a decoded configuration only to necessary devices, and to reduce the amount of messages. In addition, it is possible to distribute the decryptable key only to a specific group defined by the tree structure with a small amount of messages, and to make it impossible to decrypt to other devices not belonging to the group, and to secure the safety of key distribution or distribution. do.

In addition, a type of key transmitted to each recording / reproducing apparatus by using a key distribution method of a tree structure is set to a master key that can be commonly used in a system defined by a specific group constituting the tree. It is also possible to use a media key, and by generating a unique KRB for each and distributing it through network distribution or media, key updating is easily and securely executed.

For this reason, according to the present invention, it is possible to construct an information recording and reproducing system which can prevent the illegal copying of copyrighted data such as a movie or music, which is contrary to the copyright holder.

In addition, in a system using a master key that has undergone generation management, a configuration that distributes a new generation master key updated by the KRB can be used to identify a device capable of updating an update master key encrypted and distributed together with the KRB. Since the key block can be configured, only a device that needs to be securely updated can form a decryptable encryption master key without executing conventional authentication processing or the like on a device-by-device basis, so that key update can be executed safely.

Further, according to the information recording and reproducing apparatus and method of the present invention, not only the encryption processing by the generation-managed master key or the media key, but also the encryption processing enabling the playback device restriction processing is executed and stored in the recording medium. Doing. According to this configuration, when data is recorded on the recording medium, only the device can be reproduced (there is a playback device limitation), and the device unique key (device unique key) is acted on the encryption key of the data, otherwise (playback). In the case of no device limitation, the device identification information (device ID) is applied to an encryption key of data to encrypt the data. In addition, since the device identification information of the recorded device and information (reproduction device restriction flag) indicating whether the recording device is restricted or not are recorded in the recording medium, the recording medium is recorded. If the playback device is restricted, only the recorded device that knows the device's unique key can decrypt the data.If the playback device is not restricted, any device can decrypt the data using the device identification information of the recording device. Will be.                 

In addition, since the block key for encrypting the block data is generated using the ATS configured as random data according to the incoming time of each packet, it is possible to generate a unique key for each block. You can change the encryption key and increase the strength of cryptographic interpretation. In addition, by using the ATS to generate a block key, the area on the recording medium for storing the encryption key for each block becomes unnecessary, and the main data area can be effectively used. In addition, there is no need to access data other than the main data portion at the time of recording and reproducing data, thereby making the process efficient.

Claims (58)

An information recording apparatus for recording information on a recording medium, Each of a plurality of different information recording apparatuses holds a node key unique to each node and a leaf key unique to each information recording apparatus included in the hierarchical tree structure included as a leaf of a hierarchical tree structure, Encryption processing means for encrypting data to be stored in the recording medium; The encryption processing means, Encryption key generation means for generating an encryption key based on encryption key generation data embedded in the information recording apparatus; Encryption means for encrypting data to be stored in the recording medium by using the encryption key generated by the encryption key generation means; Data updating means for updating the encryption key generation data using at least one of the node key and a leaf key Information recording device comprising a. The method of claim 1, And the encryption key generation data is a master key common to a plurality of information recording apparatuses. The method of claim 1, And the encryption key generation data is a media key unique to a specific recording medium. The method of claim 1, The data update means, Key update block processing means for receiving update data on the encryption key generation data encrypted with the updated node key, encrypting a key update block KRB to obtain an updated node key; An encryption key generation data calculator for calculating update data for the encryption key generation data based on the updated node key acquired by the key update block processing means, The node key is updatable, and when the node key is updated, a key update block derived from encryption of the updated node key using at least one of a node key or a leaf key on a lower layer of the tree structure updates the encryption key generation data. An information recording device that is distributed to leaf information recording devices. The method of claim 4, wherein The key update block KRB is stored in a recording medium, And the encryption processing means executes encryption processing on the key update block (KRB) read from the recording medium. The method of claim 1, The generation key as update information is associated with the encryption key generation data. And the encryption processing unit stores the generation number of the encryption key generation data used when storing encrypted data on the recording medium as the generation number at the time of recording on the recording medium. The method of claim 1, The information recording apparatus depends on whether or not a playback device restriction is set. If the playback device limitation is not set, a first encryption key for data to be stored on the recording medium is generated based on first encryption key generation data to encrypt the data to be stored on the recording medium with the first encryption key. A first encryption key generation process in which first encryption key generation data is stored in the recording medium; When the reproduction device limitation is set, the second encryption key for data to be stored on the recording medium is generated based on the second encryption key generation data built into the information recording device, and the data to be stored on the recording medium is stored. Second encryption key generation processing to encrypt with 2 encryption keys An information recording apparatus for selectively executing. The method of claim 7, wherein The cipher processing means depends on whether playback device restrictions are set. If the playback device limitation is not set, a unique title key, a disc ID, which is a unique identifier of a recording medium, a title key unique to data to be recorded on the recording medium, from a master key stored in an information recording apparatus and managing generation. A first encryption key generation process of generating a device ID which is an identifier for an information recording apparatus and generating the first encryption key from the title unique key; If the playback device limitation is set, a title unique key, a disc ID which is an identifier unique to a recording medium, a title key specific to data to be recorded on the recording medium, and information recording from a generation management master key stored in the information recording apparatus. A second encryption key generation process of generating a device-specific device unique key to generate the second encryption key from the title unique key An information recording apparatus for selectively executing. The method of claim 1, Transport stream processing means for adding reception time information (ATS) to each of the intermittent transport packets included in the transport stream, The encryption processing means generates a block key as an encryption key for block data including two or more packets to which the reception time information ATS is added, respectively, from the transport stream processing means; The encryption processing means, when encrypting the stored data for the recording medium, based on the block seed which is additional information unique to the block data including the reception time information (ATS) and the data including the encryption key generation data. An information recording apparatus for generating a block key as an encryption key. The method of claim 1, And the encryption processing means executes encryption processing of stored data on the recording medium according to a DES algorithm. The method of claim 1, Interface means for receiving information to be recorded on the recording medium; And the interface means identifies copy control information added to each packet included in a transport stream constituting data, and controls whether to execute recording on a recording medium based on the copy control information. The method of claim 1, Interface means for receiving information recorded on the recording medium, And the interface means identifies a 2-bit EMI (Encryption Mode Indicator) as copy control information, and determines whether to execute recording on the recording medium based on the EMI. An information reproducing apparatus for reproducing information from a recording medium, Holds a node key unique to each node and a leaf key unique to each information recording device included in a hierarchical tree structure containing a plurality of different information recording devices, Encrypting means for decrypting the encrypted data stored in the recording medium; The encryption processing means, Decryption key generation means for generating a decryption key based on decryption key generation data embedded in the information recording apparatus; Decrypting means for decrypting the encrypted data stored in the recording medium; Data updating means for updating the decryption key generation data by using at least one of the node key and leaf key Information reproducing apparatus comprising a. The method of claim 13, And the decryption key generation data is a master key common to a plurality of information recording apparatuses. The method of claim 13, And the decryption key generation data is a media key unique to a specific recording medium. The method of claim 13, The data update means, Key update block processing means for receiving update data on the decryption key generation data encrypted with the updated node key and encrypting a key update block KRB to obtain an updated node key; A decryption key generation data calculator for calculating update data for the decryption key generation data based on the updated node key acquired by the key update block processing means Information reproducing apparatus comprising a. The method of claim 16, The key update block KRB is stored in a recording medium, And the encryption processing means executes encryption processing on the key update block (KRB) read from the recording medium. The method of claim 13, The decryption key generation data has a configuration in which a generation number as update information is associated. The encryption processing unit reads, from the recording medium, the generation number of the encryption key generation data used in the encryption processing of the encrypted data when decrypting the encrypted data from the recording medium, and decrypts it corresponding to the read generation number. An information reproducing apparatus for generating a decryption key using key generation data. The method of claim 13, The information reproducing apparatus is based on whether or not a reproduction device restriction is set. If the playback device limitation is not set, the first decryption key is generated for the encrypted data stored in the recording medium based on the first decryption key generation data stored in the recording medium to decrypt the encrypted data with the first decryption key. First decryption key generation processing; If the reproduction device limitation is set, a second decryption key is generated for the encryption data stored in the recording medium based on the second decryption key generation data built into the information recording apparatus, and the encrypted data is converted into the second decryption key. Second decryption key generation processing to decrypt Information reproducing apparatus for selectively executing. The method of claim 19, The cipher processing means is subject to whether or not the playback device restriction is set. When the playback device limitation is not set, the generation management master key stored in the information recording apparatus is obtained, and a disc ID, which is an identifier unique to the recording medium, a title key unique to the data to be decrypted, and encrypted data are recorded from the recording medium. Device ID, which is an identifier of the information recording apparatus, obtains a device ID, which is an identifier of the information recording apparatus, generates a title unique key from the master key, disc ID, title key, and device ID, and generates the first decryption key from the title unique key. First decryption key generation processing; When the reproduction device limitation is set, a generation management master key stored in the information recording apparatus and a device unique key which is a unique key of the information recording apparatus stored in the information recording apparatus are obtained, and a disc having an identifier unique to the recording medium is obtained from the recording medium. Second decryption for acquiring an ID, a title key unique to the data to be decrypted, generating a title unique key from the master key, disc ID, title key, and device unique key, and generating the second decryption key from the title unique key; Key generation processing Information playback device to run. The method of claim 13, Transport stream processing means for controlling data output based on received time information (ATS) added to each of the plurality of transport packets included in the block data decrypted by the encryption processing means, The encryption processing means generates a block key as a decryption key for block data consisting of two or more packets to which the reception time information ATS is added, respectively, from the transport stream processing means; The block key is generated based on the block seed, which is additional information unique to the block data including the received time information (ATS), and the data including the decryption key generation data when decrypting the encrypted data stored in the recording medium. An information reproducing apparatus which is a decryption key. The method of claim 13, And the encryption processing means performs decoding processing of encrypted data stored in the recording medium according to a DES algorithm. The method of claim 13, Interface means for receiving information to be recorded on the recording medium; And the interface means identifies copy control information added to each packet included in a transport stream constituting data, and controls whether or not reproduction is executed from a recording medium based on the copy control information. The method of claim 13, Interface means for receiving information to be recorded on the recording medium; And the interface means identifies two bits of an EMI (Encryption Mode Indicator) as copy control information for controlling copying, and controls whether to execute playback from a recording medium based on the EMI. An information recording method for recording information on a recording medium, Encryption key generation data using at least one of a node key unique to each node included in the hierarchical tree structure in which a plurality of different information recording devices are included as a leaf of a hierarchical tree structure, or at least one of a leaf key unique to each of the information recording devices. An update step of updating the An encryption key generation step of generating an encryption key based on the encryption key generation data; An encryption step of encrypting data to be stored in the recording medium by using the encryption key generated in the encryption key generation step Information recording method comprising a. The method of claim 25, And the encryption key generation data is a master key common to a plurality of information recording apparatuses. The method of claim 25, And the encryption key generation data is a media key unique to a specific recording medium. The method of claim 25, The node key is configured as an updatable key, and in the update process, a key update block KRB obtained by encrypting an update node key with a key including at least one of a node key and a leaf key of a lower layer is to be updated. It is a configuration to distribute to the information recording device of the leaf, The update step, An update node key acquiring step of acquiring the update node key by encryption processing of the key update block KRB; The update data acquisition step of calculating update data of the encryption key generation data based on the obtained update node key. Information recording method comprising a. The method of claim 25, The encryption key generation data has a configuration in which a generation number as update information is associated. The encryption processing step, And storing the generation number of the encryption key generation data used in storing the encrypted data for the recording medium as the generation number in the recording medium. The method of claim 25, The encryption processing step, Generating a first encryption key of stored data for the recording medium based on first encryption key generation data to perform encryption processing based on the first encryption key on the stored data, and generating the first encryption key. Data encryption processing of unlimited playback apparatus for storing data in the recording medium; A reproducing apparatus which generates a second encryption key of the storage data for the recording medium on the basis of the second encryption key generation data embedded in the information recording apparatus, and performs encryption processing on the storage data based on the second encryption key; Data encryption processing with restrictions Information recording method that selectively executes. The method of claim 30, The encryption processing step, In the encryption processing without limitation of the reproduction device, a generation-managed master key stored in the information recording apparatus, a disc ID which is a recording medium identifier unique to a recording medium, a title key unique to data to be recorded on the recording medium, and information Generate a title unique key based on a device ID which is an identifier of a recording device, generate the first encryption key based on the title unique key, In the encryption processing with the limitation of the reproduction device, a generation-managed master key stored in the information recording apparatus, a disc ID which is a recording medium identifier unique to a recording medium, a title key unique to data to be recorded on the recording medium, and information An information recording method of generating a title unique key based on a device unique key which is a unique key of a recording apparatus, and generating the second encryption key based on the title unique key. The method of claim 25, The information recording method, A transport stream processing step of adding reception time information (ATS) to each packet constituting a transport stream consisting of intermittent transport packets, The encryption processing step, Generating a block key as an encryption key for block data comprising one or more packets to which the reception time information ATS is added; In the encryption processing of the storage data for the recording medium, a block key as an encryption key based on data including a block seed which is additional information unique to block data including the encryption key generation data and the received time information (ATS). Information recording method to generate. The method of claim 25, And wherein said encryption processing step performs encryption processing of stored data for said recording medium in accordance with a DES algorithm. The method of claim 25, The information recording method is an information recording method of identifying copy control information added to each packet included in a transport stream constituting data and further controlling whether recording is executed on a recording medium based on the copy control information. . The method of claim 25, The information recording method is an information recording method of identifying two bits of an encryption mode indicator (EMI) as copy control information for controlling copying, and further controlling whether recording is executed on a recording medium based on the EMI. An information reproducing method of reproducing information from a recording medium, Encryption stored in the recording medium using at least one of a node key unique to each node included in the hierarchical tree structure in which a plurality of different information reproducing apparatuses are included as a leaf of the hierarchical tree structure and a leaf key unique to each information reproducing apparatus. An update step of performing an update process of decryption key generation data for generating a decryption key for decrypting data; A decryption key generation step of generating a decryption key from the decryption key generation data updated in the updating step; Decryption step of decrypting data stored in the recording medium by using the decryption key generated in the decryption key generation step Information playback method comprising a. The method of claim 36, And the decryption key generation data is a master key common to a plurality of information recording apparatuses. The method of claim 36, And the decryption key generation data is a media key unique to a specific recording medium. The method of claim 36, In the information reproduction method, The node key is configured as an updatable key, and in the update process, a key update block KRB obtained by encrypting an update node key with a key including at least one of a node key and a leaf key of a lower layer is to be updated. To distribute to leaf information replay devices, The update step, An update node key acquiring step of acquiring the update node key by encryption processing of the key update block KRB; An update data acquisition step of calculating update data of the decryption key generation data based on the obtained update node key Information playback method comprising a. The method of claim 36, The decryption key generation data has a configuration in which a generation number as update information is associated. The decoding processing step, When decrypting the encrypted data from the recording medium, the generation number of the encryption key generation data used in the encryption processing of the encryption data is read out from the recording medium, and decryption key generation data corresponding to the read generation number is used. Information reproduction method for generating a decryption key. The method of claim 36, The information reproduction method, Restriction on playback equipment that generates a first decryption key for the encrypted data stored on the recording medium based on the first decryption key generation data stored on the recording medium, and performs decryption processing based on the first decryption key on the encrypted data. With data decoding processing of none, A reproduction which generates a second decryption key for the encrypted data stored in the recording medium based on the second decryption key generation data built into the information recording apparatus, and performs decryption processing based on the second decryption key on the encrypted data; Data Decoding Processing with Device Restriction Information playback method to selectively execute more. The method of claim 41, wherein The decoding processing step, In the decoding processing without the playback device limitation, While acquiring the household-managed master key stored in the information recording device, From the recording medium, A disc ID which is a recording medium identifier unique to the recording medium, A title key unique to the data to be decoded, Acquires a device ID which is an identifier of the information recording apparatus which is an identifier of the information recording apparatus which recorded the encrypted data Generate a title unique key based on the master key, disc ID, title key, and device ID, generate the first decryption key based on the title unique key, In the decoding process with the reproduction device limitation, A generation-managed master key stored in the information recording device, While acquiring a device unique key which is a unique key of the information recording device stored in the information recording device, From the recording medium, A disc ID which is a recording medium identifier unique to the recording medium, Obtains a title key unique to the data to be decoded, And generating a title unique key based on the master key, disc ID, title key, and device unique key, and generating the second decryption key based on the title unique key. The method of claim 36, In the information reproduction method, The information reproducing apparatus includes transport stream processing means for executing data output control based on the reception time information (ATS) added to each of the plurality of transport packets constituting the decoded block data, The decoding processing step, Generating a block key as a decryption key for block data composed of one or more packets to which the reception time information (ATS) is added; In the decryption processing of the encrypted data stored in the recording medium, a block key as a decryption key is based on data including block seed which is additional information unique to block data including the decryption key generation data and the reception time information (ATS). How to play the generated information. The method of claim 36, The decoding processing step, An information reproducing method for performing decoding processing of encrypted data stored in the recording medium according to a DES algorithm. The method of claim 36, The information reproduction method, An information reproducing method of identifying copy control information added to each packet included in a transport stream constituting data, and further controlling whether reproduction of data stored in a recording medium is executed based on the copy control information. The method of claim 36, The information reproduction method, An information reproducing method of identifying two bits of an encryption mode indicator (EMI) as copy control information for controlling copying, and further controlling whether reproduction of data stored in a recording medium is performed based on the EMI. delete delete delete delete A data recording apparatus for recording data on a recording medium to produce an information recording medium, comprising: An input / output interface for inputting or outputting information including key update block information; The input / output interface derived from encryption of an updated node key using at least one of a node key unique to each node or a leaf key unique to each information included in a hierarchical tree structure including a plurality of different information recording devices. A memory for storing a key update block (KRB) input by A control unit for controlling writing of the key update block KRB stored in the memory to the recording medium Data recording device comprising a. The method of claim 51, The memory further stores at least one of a recording medium identifier and encrypted encryption key generation data or encrypted decryption key generation data, And the control unit performs write control on the recording medium with respect to at least one of the recording medium identifier, encrypted encryption key generation data, and encrypted decryption key generation data. The method of claim 51, The memory further stores generation information about encryption key generation data or decryption key generation data, And the control unit executes write control of the generation information on the recording medium. A data recording method for recording data on a recording medium, Receiving information including key update block information by an input / output interface, A key update block derived from encryption of an updated node key using at least one of a node key unique to each node and a leaf key unique to each information included in a hierarchical tree structure including a plurality of different information recording devices Storing (KRB) in memory, Writing the key update block KRB stored in the memory to the recording medium Data recording method comprising a. The method of claim 54, Further storing at least one of a recording medium identifier, encrypted encryption key generation data or encrypted decryption key generation data in the memory, And writing at least one of the recording medium identifier, encrypted encryption key generation data, and encrypted decryption key generation data to the recording medium. The method of claim 54, Further storing generation information on encryption key generation data or decryption key generation data in the memory, And a controller for writing the generation information to the recording medium. delete delete

Images